General

  • Target

    292858e48a0ee113c82c84c33838f65b812b95590e9a0493d5a3a55d25f26d83

  • Size

    6.1MB

  • Sample

    220415-p14zxahghn

  • MD5

    d6ee37f2d1136d86360f7565e2f7199b

  • SHA1

    6da1269c295ab990155a25e83540113e39d52598

  • SHA256

    292858e48a0ee113c82c84c33838f65b812b95590e9a0493d5a3a55d25f26d83

  • SHA512

    abac01642860f802f98be889b4085bb28be11b7fc96d21034234072dea663eda9fc43caa8c613a8bbdc895cba23e8ac831409e7b86e2b2e4b0397e4dec43fb6a

Score
10/10

Malware Config

Targets

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by the Russian company TektonIT.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL
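The four behaviour signatures listed above can be reproduced from a sandbox event stream. The following Python is an added example, not code from this report or from Hatching Triage: it runs a toy matcher over a constructed list of events (also not from the report) and returns which of the signature names fire. The event field names (`creator_pid` for the process that actually called NtCreateUserProcess versus the OS-reported `ppid`), the registry key `HKCU\Control Panel\International\Geo\Nation` as the location lookup, and all paths and PIDs are assumptions for the illustration.

```python
"""Toy re-implementation of the behaviour signatures the report lists.

Added example, not Hatching Triage's own signature code. Event field names,
paths and PIDs below are assumptions constructed for the illustration.
"""

# Registry locations a sample reads to learn the configured country.
# Geo\Nation holds the GeoID that GetUserGeoID() returns; the others are
# assumed extra locale values a geofence routine might consult.
GEO_KEY_SUFFIXES = (
    r"\control panel\international\geo\nation",
    r"\control panel\international\locale",
    r"\control panel\international\localename",
)

SAMPLE_PID = 1400  # pid the sandbox launched the submitted file under

# Constructed sandbox events (not from the report).
EVENTS = [
    {"type": "process_start", "pid": 1400, "ppid": 900, "creator_pid": 900,
     "image": r"C:\Users\Admin\AppData\Local\Temp\sample.exe"},
    {"type": "registry_read", "pid": 1400,
     "key": r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"},
    {"type": "file_write", "pid": 1400,
     "path": r"C:\Users\Admin\AppData\Local\Temp\dropped.exe"},
    {"type": "file_write", "pid": 1400,
     "path": r"C:\Users\Admin\AppData\Local\Temp\helper.dll"},
    {"type": "process_start", "pid": 2100, "ppid": 1400, "creator_pid": 1400,
     "image": r"C:\Users\Admin\AppData\Local\Temp\dropped.exe"},
    {"type": "image_load", "pid": 2100,
     "path": r"C:\Users\Admin\AppData\Local\Temp\helper.dll"},
    # Parent spoofed to pid 700 (e.g. explorer.exe) although 2100 made the call.
    {"type": "process_start", "pid": 2500, "ppid": 700, "creator_pid": 2100,
     "image": r"C:\Windows\System32\cmd.exe"},
    # Unrelated process reading the same key must not fire for the sample.
    {"type": "registry_read", "pid": 3000,
     "key": r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"},
]


def match_signatures(events, sample_pid):
    """Return {signature name: [supporting events]} for the sample's process tree."""
    hits = {}
    lineage = {sample_pid}   # pids that belong to the sample's process tree
    dropped = set()          # lower-cased paths written by lineage processes

    def hit(name, ev):
        hits.setdefault(name, []).append(ev)

    for ev in events:
        kind = ev["type"]
        pid = ev.get("pid")
        if kind == "process_start":
            creator = ev.get("creator_pid", ev.get("ppid"))
            # The child joins the tree if the real creator or the reported parent is in it.
            if creator in lineage or ev.get("ppid") in lineage:
                lineage.add(pid)
                # PPID spoofing: reported parent differs from the process that
                # called NtCreateUserProcess (PROC_THREAD_ATTRIBUTE_PARENT_PROCESS).
                if "creator_pid" in ev and ev["creator_pid"] != ev["ppid"]:
                    hit("Suspicious use of NtCreateUserProcessOtherParentProcess", ev)
                if ev["image"].lower() in dropped:
                    hit("Executes dropped EXE", ev)
            continue
        if pid not in lineage:
            continue
        if kind == "file_write":
            dropped.add(ev["path"].lower())
        elif kind == "image_load" and ev["path"].lower() in dropped:
            hit("Loads dropped DLL", ev)
        elif kind == "registry_read" and ev["key"].lower().endswith(GEO_KEY_SUFFIXES):
            hit("Checks computer location settings", ev)
    return hits


if __name__ == "__main__":
    for name, evs in match_signatures(EVENTS, SAMPLE_PID).items():
        print(name, "<-", [e["pid"] for e in evs])
```

The matcher scopes every check to the sample's process tree, which is why the pid 3000 read of the same key does not count against the sample; the tree is extended by the real creator pid as well as the reported parent, so a child spawned with a spoofed parent is still followed.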

MITRE ATT&CK Enterprise v6

Tasks