General

  • Target

    94cee9364c9b5bb05b4633f55c6646304768a107f8e0096935476c2709d92c4e

  • Size

    4.1MB

  • Sample

    220524-q7bglsddd4

  • MD5

    31a8cb6a5c8db75522c9c470243c7fc8

  • SHA1

    4a78c47ad57b2c74cba64f2eccc7e051e50c996f

  • SHA256

    94cee9364c9b5bb05b4633f55c6646304768a107f8e0096935476c2709d92c4e

  • SHA512

    86115245885a14200c788abb327740d143a3cd865a3d03f9cd0871a90a2dbd0f7734942abbc84fc1064eebf023e26eaff7109ad65301e61faf44ea4ca8c12d50

Score
10/10

Targets

    • Target

      94cee9364c9b5bb05b4633f55c6646304768a107f8e0096935476c2709d92c4e

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by the Russian organization TektonIT.

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop the file from showing in Explorer, etc.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL
