Overview

overview

10

Static

static

96665b5c55...92.exe

windows7_x64

10

96665b5c55...92.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    96665b5c55da7633dc0e67240dfbaac0c872fc74f55954d766cee3a1c8682f92

  • Size

    5.1MB

  • Sample

    220129-e9h4padaek

  • MD5

    ab6a5328c37edd22de33ece56dc8f043

  • SHA1

    e2b28629299d824ae085eb1476f46f92cf364c0a

  • SHA256

    96665b5c55da7633dc0e67240dfbaac0c872fc74f55954d766cee3a1c8682f92

  • SHA512

    42b8bdad1933408bb556731b6766f34d42aa8fd0df9e1d629a4136586e9ed1bb8d49da2958e7bd8a5179414fee2680c9b909c94ffac0b109cebc0008e67bf6f8

Score
10/10
rmsevasionrattrojan

Malware Config

Targets

    • Target

      96665b5c55da7633dc0e67240dfbaac0c872fc74f55954d766cee3a1c8682f92

    • Size

      5.1MB

    • MD5

      ab6a5328c37edd22de33ece56dc8f043

    • SHA1

      e2b28629299d824ae085eb1476f46f92cf364c0a

    • SHA256

      96665b5c55da7633dc0e67240dfbaac0c872fc74f55954d766cee3a1c8682f92

    • SHA512

      42b8bdad1933408bb556731b6766f34d42aa8fd0df9e1d629a4136586e9ed1bb8d49da2958e7bd8a5179414fee2680c9b909c94ffac0b109cebc0008e67bf6f8

    Score
    10/10
    rmsevasionrattrojan

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

      trojanratrms

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks