General

  • Target

    09fedab0a9fa3fb1df61aa984c9891261b9e15c4ad7bea3de045711f7b081230

  • Size

    10.2MB

  • Sample

    220213-s23d9abdb6

  • MD5

    febef1b6e8b7bf8579dacaa6798f73fe

  • SHA1

    012e2cfd33f6d43c427d005201488f2a02a078aa

  • SHA256

    09fedab0a9fa3fb1df61aa984c9891261b9e15c4ad7bea3de045711f7b081230

  • SHA512

    09fb12a8769ba8789d0472933f0aa33c0f44453809bfe3793bd20a9901bf91fbd0d087efb0802beac18d25b14e1245c2ceefeecbc12f805cf44be947f25e12cc

Score
10/10

Targets

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by the Russian organization TektonIT.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Drops file in System32 directory
