Overview

overview

10

Static

static

03ecfa9e62...4f.exe

windows7_x64

10

03ecfa9e62...4f.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    03ecfa9e62c6c03568209dcb2976354c0957da79f77bcf1368478c366042cd4f

  • Size

    6.2MB

  • Sample

    220524-1ls5mschhq

  • MD5

    24e11f360833c184ac76cde7cc727b0e

  • SHA1

    88438fab6c4a4120c1e09c8abe876ed4108c6906

  • SHA256

    03ecfa9e62c6c03568209dcb2976354c0957da79f77bcf1368478c366042cd4f

  • SHA512

    d2d25c1c5d3be123006efb50fb802325004287b0e1aeea7fe656fc6b8d61760d5b257a4460f1b24b410334a61c2a405f36ce6c65f3e93319c763e244f9d6f87e

Score
10/10
rmspersistencerattrojan

Malware Config

Targets

    • Target

      03ecfa9e62c6c03568209dcb2976354c0957da79f77bcf1368478c366042cd4f

    • Size

      6.2MB

    • MD5

      24e11f360833c184ac76cde7cc727b0e

    • SHA1

      88438fab6c4a4120c1e09c8abe876ed4108c6906

    • SHA256

      03ecfa9e62c6c03568209dcb2976354c0957da79f77bcf1368478c366042cd4f

    • SHA512

      d2d25c1c5d3be123006efb50fb802325004287b0e1aeea7fe656fc6b8d61760d5b257a4460f1b24b410334a61c2a405f36ce6c65f3e93319c763e244f9d6f87e

    Score
    10/10
    rmspersistencerattrojan

    • Modifies WinLogon for persistence

      persistence

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

      trojanratrms

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks