Overview

overview

10

Static

static

461e6ad688...21.exe

windows7_x64

10

461e6ad688...21.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    461e6ad688507293b6d489b4601c25a7d0a0e3eb9bcba9fa32d0c561b60b6b21

  • Size

    4.5MB

  • Sample

    220326-xyr7bsged7

  • MD5

    e185aecff3312c64359328255a121d03

  • SHA1

    083ca3fa6d3cbafd307d369ea45c8395b761f0b0

  • SHA256

    461e6ad688507293b6d489b4601c25a7d0a0e3eb9bcba9fa32d0c561b60b6b21

  • SHA512

    b3380386950076fb284c747953c9e81cd175f54e2a163ddfc33a31295e694cc84b5f025132fa26ccd0bd9c5c50a59e6ec8ac0afc431c7f8f8867e1fd406529da

Score
10/10
rmsaspackv2evasionrattrojanupx

Malware Config

Targets

    • Target

      461e6ad688507293b6d489b4601c25a7d0a0e3eb9bcba9fa32d0c561b60b6b21

    • Size

      4.5MB

    • MD5

      e185aecff3312c64359328255a121d03

    • SHA1

      083ca3fa6d3cbafd307d369ea45c8395b761f0b0

    • SHA256

      461e6ad688507293b6d489b4601c25a7d0a0e3eb9bcba9fa32d0c561b60b6b21

    • SHA512

      b3380386950076fb284c747953c9e81cd175f54e2a163ddfc33a31295e694cc84b5f025132fa26ccd0bd9c5c50a59e6ec8ac0afc431c7f8f8867e1fd406529da

    Score
    10/10
    rmsaspackv2evasionrattrojanupx

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

      trojanratrms

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

      aspackv2

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks