General

  • Target

    B55CF23B9C1295CB522A86734D55DE3A3263E63FC58BB.exe

  • Size

    6.7MB

  • Sample

    220517-pb1wyseccm

  • MD5

    3c4993b2cba2e109bfb33d6e78fa1880

  • SHA1

    db17088deb0a3860013b390b0ef184ea061209fc

  • SHA256

    b55cf23b9c1295cb522a86734d55de3a3263e63fc58bb4004de54fd4475c531e

  • SHA512

    d63b9c7bd3583c7eea61b098070a03e99ccf2525ecda19da08639900061b9bbf117f6a678d15eb75876f6ba073cdc00f5a48bd5c8606575e10c5fa9a6b3e4171

Score
10/10

Malware Config

Targets

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks