General

  • Target

    63c2b97943d4609a3e654321d97a0eaa5aadb74326223aa2ec2055db7e8f2a0c

  • Size

    7.1MB

  • Sample

    220327-l62j7agcf9

  • MD5

    40c58d96efae59916aa70e2bc40dc077

  • SHA1

    8d278b36668194c76e8b921ea87cc605aa956be9

  • SHA256

    63c2b97943d4609a3e654321d97a0eaa5aadb74326223aa2ec2055db7e8f2a0c

  • SHA512

    bf4310956379b323eef9ee51a9030d76905f08d172585a7dc76fd86a666c806ec06c79a5f28a2ea74ac7fbd2161fcb4ebd5c9416291c72e67d31beeaa32fb533

Targets

    • RMS

      Remote Manipulator System (RMS) is a commercial remote administration tool developed by the Russian company TektonIT. It is a legitimate product, but it is also widely repurposed by attackers as a covert remote-access payload.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Sets file to hidden

      Sets the hidden attribute on a file so that it does not appear in Explorer or in a default directory listing.

    • Stops running service(s)

    • Checks computer location settings

      Reads the country or locale code configured in the registry. Malware commonly does this to geofence execution, for example to avoid running on systems in particular countries.

    • Loads dropped DLL

    • Checks installed software on the system

      Enumerates the Uninstall keys in the registry to list the software installed on the system, commonly used to detect security products or sandbox tooling.

    • Legitimate hosting services abused for malware hosting/C2
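The signatures above are generic behaviour rules that fire on sandbox events (file writes, process creation, API calls, registry reads, DNS queries). The following Python script, added here as an illustration and not the sandbox's own signature engine, shows how such rules map a trace onto the signature names listed in this report. The event trace is constructed, not this sample's real execution record, and the file names, registry paths and domains it uses are assumptions chosen to exercise each rule; the family match (RMS) is omitted because it is derived from static content rather than behaviour.

```python
"""Map sandbox events to the behaviour signatures in the report above.

Added example: the rules and the event trace are constructed for
illustration. They are not the sandbox's own signature logic and the trace
is not this sample's real execution record; registry paths, file names and
domains are assumptions chosen to exercise each rule.
"""
import re

# Constructed trace of (event type, detail) pairs, roughly in execution order.
SAMPLE_EVENTS = [
    ("file_write", r"C:\Users\Admin\AppData\Local\Temp\host.exe"),
    ("file_write", r"C:\Users\Admin\AppData\Local\Temp\helper.dll"),
    ("process_create", r"C:\Users\Admin\AppData\Local\Temp\host.exe"),
    ("image_load", r"C:\Users\Admin\AppData\Local\Temp\helper.dll"),
    ("api_call", "SetFileAttributesW(C:\\Users\\Admin\\AppData\\Local\\Temp\\host.exe, FILE_ATTRIBUTE_HIDDEN)"),
    ("process_create", "netsh advfirewall firewall add rule name=host dir=in action=allow program=host.exe"),
    ("process_create", "sc stop WinDefend"),
    ("registry_read", r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"),
    ("registry_read", r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    ("dns_query", "raw.githubusercontent.com"),
]

# Stateless rules: (signature name, event type, regex over the event detail).
STATELESS_RULES = [
    ("Modifies Windows Firewall", "process_create",
     r"(?i)\bnetsh(\.exe)?\b.*\b(advfirewall|firewall)\b"),
    ("Sets file to hidden", "api_call",
     r"(?i)\bSetFileAttributes\w*\(.*FILE_ATTRIBUTE_HIDDEN"),
    ("Stops running service(s)", "process_create",
     r"(?i)\b(sc|net)(\.exe)?\s+stop\b"),
    ("Stops running service(s)", "api_call",
     r"(?i)\bControlService\w*\(.*SERVICE_CONTROL_STOP"),
    # The GeoID value (Geo\Nation) and the NLS locale key hold the configured country.
    ("Checks computer location settings", "registry_read",
     r"(?i)\\Control Panel\\International\\Geo\\Nation$|\\Control\\Nls\\Locale"),
    ("Checks installed software on the system", "registry_read",
     r"(?i)\\CurrentVersion\\Uninstall(\\|$)"),
    # Assumed short list of hosting services commonly abused for staging or C2.
    ("Legitimate hosting services abused for malware hosting/C2", "dns_query",
     r"(?i)^(raw\.githubusercontent\.com|pastebin\.com|cdn\.discordapp\.com)$"),
]


def match_signatures(events):
    """Return {signature: [evidence, ...]} for a list of (type, detail) events.

    The dropped-file signatures are stateful: a path must first be written by
    the sample before a later execution or load of that path counts.
    """
    hits = {}
    dropped = set()

    def add(sig, evidence):
        hits.setdefault(sig, []).append(evidence)

    for etype, detail in events:
        if etype == "file_write":
            dropped.add(detail.lower())
            continue
        if etype == "process_create" and detail.lower() in dropped:
            add("Executes dropped EXE", detail)
        elif etype == "image_load" and detail.lower() in dropped:
            add("Loads dropped DLL", detail)
        for sig, rule_type, pattern in STATELESS_RULES:
            if etype == rule_type and re.search(pattern, detail):
                add(sig, detail)
    return hits


def summarize(events):
    """Signature names with hit counts, ordered as the report lists them."""
    order = [
        "Executes dropped EXE", "Modifies Windows Firewall", "Sets file to hidden",
        "Stops running service(s)", "Checks computer location settings",
        "Loads dropped DLL", "Checks installed software on the system",
        "Legitimate hosting services abused for malware hosting/C2",
    ]
    hits = match_signatures(events)
    return [(sig, len(hits[sig])) for sig in order if sig in hits]


if __name__ == "__main__":
    for sig, count in summarize(SAMPLE_EVENTS):
        print(f"{sig}: {count} event(s)")
```

The dropped-file correlation is the part worth noting: "Executes dropped EXE" and "Loads dropped DLL" only fire for a path the sample itself wrote earlier in the trace, which is what separates a dropper from a process that merely launches a pre-existing binary.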
