General

  • Target

    8cddc3419075658d7c496f64b11da3cb7a160975dea433b225e5f4abf14faed6

  • Size

    4.9MB

  • Sample

    220415-c576xadad5

  • MD5

    d185c349aac57a8110960b48a02beb86

  • SHA1

    4fe415341360152237d81edf69ed429f611df426

  • SHA256

    8cddc3419075658d7c496f64b11da3cb7a160975dea433b225e5f4abf14faed6

  • SHA512

    4368d587f3e07a0c7bcb07182afd858d95c733b10f65da1d8f9eedf50cd7cb1c3163b62892e7c6c808cc4416f5eebe57c236480e53ae78ad31c9130f4b379d2a

Score
10/10

Malware Config

Targets

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL
