Overview

overview

10

Static

static

5d4e29a205...70.exe

windows7_x64

10

5d4e29a205...70.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5d4e29a20566f61f735f1ba292255f34d2e2c7aa2c870e92335dfde91cca9c70

  • Size

    14.6MB

  • Sample

    220128-zjct7sdec2

  • MD5

    b042c917da056713438d4ba64c10be22

  • SHA1

    5bb43103095e5e42255568ef4e77b3acdfbed502

  • SHA256

    5d4e29a20566f61f735f1ba292255f34d2e2c7aa2c870e92335dfde91cca9c70

  • SHA512

    5f88bb7edc14d8c04a88f8eaed7cdcf1f62d55ce24edfb011eed0188c3aa43a7a4962c118f2da1965ec096d2612aa8e04a6f75c9755008ebe42c436642fc57b8

Score
10/10
rmsxmrigevasionminerpersistencerattrojan

Malware Config

Targets

    • Target

      5d4e29a20566f61f735f1ba292255f34d2e2c7aa2c870e92335dfde91cca9c70

    • Size

      14.6MB

    • MD5

      b042c917da056713438d4ba64c10be22

    • SHA1

      5bb43103095e5e42255568ef4e77b3acdfbed502

    • SHA256

      5d4e29a20566f61f735f1ba292255f34d2e2c7aa2c870e92335dfde91cca9c70

    • SHA512

      5f88bb7edc14d8c04a88f8eaed7cdcf1f62d55ce24edfb011eed0188c3aa43a7a4962c118f2da1965ec096d2612aa8e04a6f75c9755008ebe42c436642fc57b8

    Score
    10/10
    rmsxmrigevasionminerpersistencerattrojan

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

      trojanratrms

    • UAC bypass

      evasiontrojan

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks