General

  • Target

    9992114ca431bbcc576a1eebaaa878554ee85c4669e63e92adea8cc925fc9882

  • Size

    10.2MB

  • Sample

    220213-n4v1qsheh3

  • MD5

    e935690d76617f96a7d1f3cf8ea829fd

  • SHA1

    11c701c219393d30351a7c3aadbbde3aeefb7d35

  • SHA256

    9992114ca431bbcc576a1eebaaa878554ee85c4669e63e92adea8cc925fc9882

  • SHA512

    c606f2aed982bef5a200273a8b299bd996e0a4535b91cb4bb529080920ce78c7ed138e870bfdf1a57ed8cbbc05d5cdbe668ad1c3f98c42626303ae35671eb5d8

Malware Config

Targets

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks