General

  • Target

    c770322a2b938abb69531118353c43aeb8f47d69a0a756434f57d65716c2deb6

  • Size

    4.1MB

  • Sample

    220502-vypebsdgfl

  • MD5

    75416a25dada56cf262f95caa734d836

  • SHA1

    5a7c2079bd56b1dfa5cc4911910e560399d8dc02

  • SHA256

    c770322a2b938abb69531118353c43aeb8f47d69a0a756434f57d65716c2deb6

  • SHA512

    c3404dfb33fd3c963669af8b30fed1edab32c3b758b1a7d9eabd7e2872dc65e511c11ebfe6e17ed242e05a6cd9c5a71abd927b87b2fb4bd485f14e0fe6e8df0f

Targets

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL
