General

  • Target

    fdee96f2a0bb91e93638f9f760aa8eff5a3fbcbb3f8b9ae3890f797cc58e9941

  • Size

    4.9MB

  • Sample

    220520-dmaclaehg2

  • MD5

    b3476543f689631a1f4bf0a7f40bed46

  • SHA1

    0cf21934a82945d438d2fe1f40137f77a81d0b32

  • SHA256

    fdee96f2a0bb91e93638f9f760aa8eff5a3fbcbb3f8b9ae3890f797cc58e9941

  • SHA512

    242b81ab74e567626f1f655082ffe354d1a17c93cdb155c5a1cbb7a4ea962d5547ded6a08cb4e71b9c9678a3fb8676f8ef81a190d8073f1785ed32cf0952eb21

Malware Config

Targets

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • ACProtect 1.3x - 1.4x DLL software

      Detects files protected with ACProtect software.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42.

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and similar tools.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks