General

  • Target

    2f82a8a55efa100e0c5e53e900fcc619acaf93722402a344b96a91ffc43a6ad7

  • Size

    6.2MB

  • Sample

    220524-spahpsffg7

  • MD5

    356913848fb427f7b52d515bbee6be82

  • SHA1

    47e01fcf54f4f5b57dd112a902e75b3c68ec4345

  • SHA256

    2f82a8a55efa100e0c5e53e900fcc619acaf93722402a344b96a91ffc43a6ad7

  • SHA512

    1a63d351ac6304a3c318f0aa1a8d6d1856a891e304f42401921adfb850056575cbae8938ebc43753ea6347810f5aac4db9cdfe5b4acbda7356092f73b3bc8130

Malware Config

Targets

    • Modifies WinLogon for persistence

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks