General

  • Target

    e88222cf5d0cb1814f581b37a3aad63e7e17d25d308281960b7551a8295d030b

  • Size

    5.3MB

  • Sample

    220213-k7lppaabhq

  • MD5

    099e0502c814215f447660a9fc591361

  • SHA1

    a2917fbe5157fee9e2a70258a96f66aa2498c733

  • SHA256

    e88222cf5d0cb1814f581b37a3aad63e7e17d25d308281960b7551a8295d030b

  • SHA512

    e6519b42ff0ed5feafe6bb92d578417468456b849cddce29043835bfa63108f45bd12c35fb5a2f7b2baea3c7bb7c5381c979d6a759232964d64a07edda33fffa

Score
10/10

Targets

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by the Russian organization TektonIT.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • autoit_exe

      AutoIt scripts compiled to PE executables.
