General

  • Target

    04c8196c86c206783bdb7ab846534328.exe

  • Size

    15.1MB

  • Sample

    220314-x54hyabdh8

  • MD5

    04c8196c86c206783bdb7ab846534328

  • SHA1

    949bbc7eb298f29fc39beb5297fde49ab9175950

  • SHA256

    d33b0bce0ea5e62ba7480d8e150e021bf9151f5308400dac01a133fa4a94cbba

  • SHA512

    e4968310b99251e509d367d0e25f642c957de523b4635165f0e4d01fc8c849c8724d1f78f6b329f12d66f54618e693d4992fd24c9773348ae27aac4b9ea8e580

Score
10/10

Malware Config

Targets

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by the Russian company TektonIT.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6