General

  • Target

    D3E198D02970C41C83DC1564901DF7870AE8753450EB1.exe

  • Size

    4.0MB

  • Sample

    220420-k57jdaahfp

  • MD5

    08d8635c2d1c55bd8e9b75f3a0dba935

  • SHA1

    0a775ac49ce5eb194b11d08527a005519feb8b7e

  • SHA256

    d3e198d02970c41c83dc1564901df7870ae8753450eb16fd4e264224b80a2ee5

  • SHA512

    2d4d5ae871f308767f81e9cb611836e9e05ef64e96dc19316a9965bf94da44c51b851e8563a680b703a35e5a095492c6d67fb9408c91d5e42f082fbabd5affd7

Score
10/10

Malware Config

Targets

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6
