Overview

overview

10

Static

static

eb91d28919...73.exe

windows7_x64

10

eb91d28919...73.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eb91d289197f07fda8a08894d029fbe33e91bb323b768b270f72ea836ef32b73

  • Size

    6.2MB

  • Sample

    220524-ra6rxsdfc3

  • MD5

    e82db76be0d58a328eee825d535ff439

  • SHA1

    9a86912e4b058b3947b2e6aa6d7673a1db28c04d

  • SHA256

    eb91d289197f07fda8a08894d029fbe33e91bb323b768b270f72ea836ef32b73

  • SHA512

    ffbad76e3b46f77adfcd9296442e488dfcd9d32c3424e43f853a3a77c1f6580325b03bafff32cdea021fd607b871e686555fffd2a2b6676a0462c68005edd690

Score
10/10
rmspersistencerattrojan

Malware Config

Targets

    • Target

      eb91d289197f07fda8a08894d029fbe33e91bb323b768b270f72ea836ef32b73

    • Size

      6.2MB

    • MD5

      e82db76be0d58a328eee825d535ff439

    • SHA1

      9a86912e4b058b3947b2e6aa6d7673a1db28c04d

    • SHA256

      eb91d289197f07fda8a08894d029fbe33e91bb323b768b270f72ea836ef32b73

    • SHA512

      ffbad76e3b46f77adfcd9296442e488dfcd9d32c3424e43f853a3a77c1f6580325b03bafff32cdea021fd607b871e686555fffd2a2b6676a0462c68005edd690

    Score
    10/10
    rmsrattrojanpersistence

    • Modifies WinLogon for persistence

      persistence

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

      trojanratrms

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks