General

  • Target

    25d21f44ec2dadf7600ce6627032b56723d0aa8a6df72ebe974e472cb86e52e3

  • Size

    4.1MB

  • Sample

    220327-d34alscga9

  • MD5

    75cddf50910252ceef5107a43e98482b

  • SHA1

    703d4737bd193bc81477ac13258cd86bb2211fad

  • SHA256

    25d21f44ec2dadf7600ce6627032b56723d0aa8a6df72ebe974e472cb86e52e3

  • SHA512

    f94b0fd1d47fb3f147670324f06f68720683c144c793944b8a8ad81ab333b9b6a0fa7adb1b27593e42f49234c4cca7dc11e21cd3b8fc1bb10013bcacb2756e0e

Score
10/10

Targets

    • Target

      25d21f44ec2dadf7600ce6627032b56723d0aa8a6df72ebe974e472cb86e52e3

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by the Russian organization TektonIT.

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes so that the file does not show in Explorer and similar tools.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL
