Overview

overview

10

Static

static

f2435506ae...c1.exe

windows7_x64

10

f2435506ae...c1.exe

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f2435506ae840503e8de6dc5b75d92390cf1c84eab6e1ea9b42f006fba7d0dc1

  • Size

    4.5MB

  • Sample

    220324-ev8qsscae3

  • MD5

    fe9a45491e215a118d47a7e9d2ec0150

  • SHA1

    c943abab28f86b51771ff69f9deebdb52748f601

  • SHA256

    f2435506ae840503e8de6dc5b75d92390cf1c84eab6e1ea9b42f006fba7d0dc1

  • SHA512

    dc97ed149dddde987206aa7b27baf097cd086354e67923f67acc113c12c98c7bed97551f17c352ac0771bc66e297e8e187c2d6087540238a0ebae6f24c9df12e

Score
10/10
rmsaspackv2evasionrattrojanupx

Malware Config

Targets

    • Target

      f2435506ae840503e8de6dc5b75d92390cf1c84eab6e1ea9b42f006fba7d0dc1

    • Size

      4.5MB

    • MD5

      fe9a45491e215a118d47a7e9d2ec0150

    • SHA1

      c943abab28f86b51771ff69f9deebdb52748f601

    • SHA256

      f2435506ae840503e8de6dc5b75d92390cf1c84eab6e1ea9b42f006fba7d0dc1

    • SHA512

      dc97ed149dddde987206aa7b27baf097cd086354e67923f67acc113c12c98c7bed97551f17c352ac0771bc66e297e8e187c2d6087540238a0ebae6f24c9df12e

    Score
    10/10
    rmsaspackv2evasionrattrojanupx

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

      trojanratrms

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

      aspackv2

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks