Overview

overview

10

Static

static

8

tmp.exe

windows7_x64

10

tmp.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tmp

  • Size

    11.1MB

  • Sample

    220310-mmtkxahfgr

  • MD5

    a8a61254b9dfa010b05e2da824b51f5d

  • SHA1

    2c2dd9ae6a509328744e840191f3b4c6017d5da5

  • SHA256

    cd157621302e63f0054b03638b7a2e9eff21d4b85edbcb9b7d6694fca6d59022

  • SHA512

    7fdafae19a13f826d00aabc1b132216df035c7a1c6888e9e50d79cfc0e2879aa2ee020c96ab38fdf41d269c415ce983b64d5d1686337f2750c9a129dff3c4e16

Score
10/10
rmsrattrojanupx

Malware Config

Targets

    • Target

      tmp

    • Size

      11.1MB

    • MD5

      a8a61254b9dfa010b05e2da824b51f5d

    • SHA1

      2c2dd9ae6a509328744e840191f3b4c6017d5da5

    • SHA256

      cd157621302e63f0054b03638b7a2e9eff21d4b85edbcb9b7d6694fca6d59022

    • SHA512

      7fdafae19a13f826d00aabc1b132216df035c7a1c6888e9e50d79cfc0e2879aa2ee020c96ab38fdf41d269c415ce983b64d5d1686337f2750c9a129dff3c4e16

    Score
    10/10
    rmsrattrojan

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

      trojanratrms

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks