General

  • Target

    d3a0e0db4c175d6c06c54909e986f5c252904dd604aba3c668a2966f5fca42d5

  • Size

    4.5MB

  • Sample

    220415-f6b2msaga2

  • MD5

    df90a4b81b13da8e76a73f5805cd259b

  • SHA1

    5ce1bb0bc4ca5d85e4f8c309191c83b7b845e210

  • SHA256

    d3a0e0db4c175d6c06c54909e986f5c252904dd604aba3c668a2966f5fca42d5

  • SHA512

    42acbce87827ea155f1ac0f958dd8bc493a970b9efa6cd7d7c090b9bb97c0c7dfd9b55a5e6d84408b4fb51362049e7cbdba7d9f6f2af60dd52e3c059d8673fff

Score
10/10

Malware Config

Targets

    • Target

      d3a0e0db4c175d6c06c54909e986f5c252904dd604aba3c668a2966f5fca42d5

    • Size

      4.5MB

    • MD5

      df90a4b81b13da8e76a73f5805cd259b

    • SHA1

      5ce1bb0bc4ca5d85e4f8c309191c83b7b845e210

    • SHA256

      d3a0e0db4c175d6c06c54909e986f5c252904dd604aba3c668a2966f5fca42d5

    • SHA512

      42acbce87827ea155f1ac0f958dd8bc493a970b9efa6cd7d7c090b9bb97c0c7dfd9b55a5e6d84408b4fb51362049e7cbdba7d9f6f2af60dd52e3c059d8673fff

    Score
    10/10
    • RMS

      Remote Manipulator System (RMS) is a commercial remote access tool developed by the Russian company TektonIT; it is frequently abused as a remote access trojan.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL
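
Added example, not part of this report and not the sandbox's own signature code: the logic behind the "Checks computer location settings" signature, run over a constructed API-call trace. It tracks registry handles per process and flags reads of values that reveal the configured country or locale. The JSON trace format, the field names, the watched key list and the partial GeoID table are assumptions made here for illustration.

```python
"""Flag registry reads that reveal the machine's configured country/locale
(the behaviour behind a sandbox "checks computer location settings" hit).
Trace format and key list are assumptions for this example."""
import json

# Hive aliases so "HKEY_CURRENT_USER" and "HKCU" compare equal.
HIVES = {
    "HKEY_CURRENT_USER": "HKCU", "HKCU": "HKCU",
    "HKEY_LOCAL_MACHINE": "HKLM", "HKLM": "HKLM",
    "HKEY_USERS": "HKU", "HKU": "HKU",
}

# Registry values that disclose the user's country or locale (assumed watch list).
# Geo\Nation holds the Windows GeoID as a decimal REG_SZ string.
LOCATION_VALUES = {
    r"HKCU\Control Panel\International\Geo": {"Nation", "Name"},
    r"HKCU\Control Panel\International": {"LocaleName", "sCountry", "iCountry"},
    r"HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language": {"InstallLanguage", "Default"},
}

# Partial GeoID table, only to make hits readable.
GEOIDS = {"29": "Belarus", "203": "Russia", "241": "Ukraine", "244": "United States"}

OPEN_APIS = {"RegOpenKeyExW", "RegOpenKeyExA", "RegCreateKeyExW", "RegCreateKeyExA"}
QUERY_APIS = {"RegQueryValueExW", "RegQueryValueExA"}


def canonical(path):
    """Shorten the hive name and lower-case a registry path for comparison."""
    hive, _, rest = path.partition("\\")
    hive = HIVES.get(hive.upper(), hive)
    return (hive + "\\" + rest).rstrip("\\").lower()


WATCH = {canonical(k): {v.lower() for v in vals} for k, vals in LOCATION_VALUES.items()}


def detect_location_checks(trace_lines):
    """Return one record per read of a location-revealing registry value."""
    handles = {}  # (pid, handle) -> canonical key path
    hits = []
    for line in trace_lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        pid, api, args = ev["pid"], ev["api"], ev.get("args", {})
        if ev.get("ret", 0) != 0:
            continue  # failed calls return no data
        base = handles.get((pid, args.get("hKey", "")), args.get("hKey", ""))
        if api in OPEN_APIS:
            handles[(pid, ev["handle"])] = canonical(base + "\\" + args.get("lpSubKey", ""))
        elif api == "RegCloseKey":
            handles.pop((pid, args["hKey"]), None)
        elif api in QUERY_APIS or api in ("RegGetValueW", "RegGetValueA"):
            key = canonical(base + "\\" + args.get("lpSubKey", "")) if api.startswith("RegGetValue") else base
            value = args.get("lpValueName") or args.get("lpValue") or ""
            if key in WATCH and value.lower() in WATCH[key]:
                data = str(ev.get("data", ""))
                hits.append({
                    "pid": pid, "key": key, "value": value, "data": data,
                    "country": GEOIDS.get(data) if value.lower() == "nation" else None,
                })
    return hits


# Constructed sample trace (not from the analysed sample): one Geo\Nation read,
# one unrelated ProductName read, one LocaleName read via RegGetValueW.
TRACE = r"""
{"pid": 3412, "api": "RegOpenKeyExW", "args": {"hKey": "HKEY_CURRENT_USER", "lpSubKey": "Control Panel\\International\\Geo"}, "ret": 0, "handle": "0x2a4"}
{"pid": 3412, "api": "RegQueryValueExW", "args": {"hKey": "0x2a4", "lpValueName": "Nation"}, "ret": 0, "data": "203"}
{"pid": 3412, "api": "RegCloseKey", "args": {"hKey": "0x2a4"}, "ret": 0}
{"pid": 3412, "api": "RegOpenKeyExW", "args": {"hKey": "HKEY_LOCAL_MACHINE", "lpSubKey": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"}, "ret": 0, "handle": "0x2b0"}
{"pid": 3412, "api": "RegQueryValueExW", "args": {"hKey": "0x2b0", "lpValueName": "ProductName"}, "ret": 0, "data": "Windows 10 Pro"}
{"pid": 3412, "api": "RegGetValueW", "args": {"hKey": "HKEY_CURRENT_USER", "lpSubKey": "Control Panel\\International", "lpValue": "LocaleName"}, "ret": 0, "data": "ru-RU"}
"""

if __name__ == "__main__":
    for hit in detect_location_checks(TRACE.splitlines()):
        print(hit)
```

A read of these values is only evidence of a location check; whether it is a geofence depends on what the sample does afterwards (exits, sleeps, or skips its payload on a matching country), so correlate the hit with the process's subsequent behaviour before calling it one.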

MITRE ATT&CK Enterprise v6

Tasks