General

  • Target

    c6ae2a0b0f38a4ba7400ab305a0f19792a14edb8c1d3d43672083f9031576c0f

  • Size

    4.0MB

  • Sample

    220524-vhz6wseahj

  • MD5

    47a55c6f21868aa86373a11a8eaa5bec

  • SHA1

    c633684febfc5fd8e81c5aa017f49e2761d550e9

  • SHA256

    c6ae2a0b0f38a4ba7400ab305a0f19792a14edb8c1d3d43672083f9031576c0f

  • SHA512

    92d2042c8b4408676c96ae02e96506453ebfce68f385d329a465bcd551c8ffe8630945e4260125979d44fb0064c28b9149800c43834414d18db0bcb69873f394

Malware Config

Targets

    • Target

      c6ae2a0b0f38a4ba7400ab305a0f19792a14edb8c1d3d43672083f9031576c0f

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by the Russian organization TektonIT.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL
