General

  • Target

    857305aac2852c804b0c37f237a098db3007cfded1fde6fd6dd5c4cb261d7bef

  • Size

    4.2MB

  • Sample

    220524-1a7hwsceej

  • MD5

    a4cb05cc6d5cdf278edbbed2c65ef0a9

  • SHA1

    6a7518bc87321192d598044db3036389cfb7420d

  • SHA256

    857305aac2852c804b0c37f237a098db3007cfded1fde6fd6dd5c4cb261d7bef

  • SHA512

    e086914151a7e238740d816ea63672804e7e5c587a4db231a1d40091d8e54db960463038efdee5aee0ab9aba187d17f70e5bc72ba1265b6a8c2ed467a793823a

Targets

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by the Russian organization TektonIT.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL
