General

  • Target

    02b9e351e53b7a9bd5390c5b49078b19dfa5426316a323662f7c552ba868c12c

  • Size

    17.8MB

  • Sample

    220528-djqkeaadhk

  • MD5

    718d25363e1de0a0d97821ca14c9458f

  • SHA1

    ac1ab30c7cc553727797afdcc71f9b298329e9ef

  • SHA256

    02b9e351e53b7a9bd5390c5b49078b19dfa5426316a323662f7c552ba868c12c

  • SHA512

    98ee2664623585dc2c751403b23481d112a3c7b357754fcfdb15e0ba6c5a9f5c7e352e8e6d8a79f7b6ae10da817f0d29eed6de7e7479f3b26468857615cef5cf

Score
10/10

Malware Config

Targets

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check that decides whether the sample runs on this host.

    • Loads dropped DLL

    • Drops file in System32 directory
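
The six behaviour signatures above are the sandbox's verdicts; the trace that produced them is not shown on this page. As an added example (not Triage's or TektonIT's code, and not derived from the sample itself), the matcher below re-derives each of those six signatures from a constructed API trace. The event format, the paths, the PIDs and the specific registry key/value names (`Control Panel\International\Geo\Nation`, `sCountry`, `LocaleName`) are assumptions for illustration; a real sandbox emits its own schema and a real rule set is considerably larger.

```python
from collections import defaultdict

# Constructed API-trace events in a hypothetical sandbox format, one dict per call.
# Everything here (pids, paths, registry names) is made up for the example.
TRACE = [
    {"pid": 1000, "api": "NtWriteFile",
     "args": {"path": r"C:\Users\Public\host.exe"}},
    {"pid": 1000, "api": "NtWriteFile",
     "args": {"path": r"C:\Users\Public\helper.dll"}},
    # The sample starts the file it just wrote (Executes dropped EXE).
    {"pid": 1000, "api": "NtCreateUserProcess",
     "args": {"image": r"C:\Users\Public\host.exe", "new_pid": 1100}},
    # The child loads the other dropped file (Loads dropped DLL).
    {"pid": 1100, "api": "LdrLoadDll",
     "args": {"path": r"C:\Users\Public\helper.dll"}},
    # Geofence lookup, plus an unrelated registry read that must not fire.
    {"pid": 1100, "api": "RegQueryValueExW",
     "args": {"key": r"HKCU\Control Panel\International\Geo", "value": "Nation"}},
    {"pid": 1100, "api": "RegQueryValueExW",
     "args": {"key": r"HKCU\Software\Example", "value": "Setting"}},
    # Write into System32 (Drops file in System32 directory).
    {"pid": 1100, "api": "NtWriteFile",
     "args": {"path": r"C:\Windows\System32\rsvc.dll"}},
    # Process created with an explicit parent handle that is not the caller
    # (Suspicious use of NtCreateUserProcessOtherParentProcess).
    {"pid": 1100, "api": "NtCreateUserProcess",
     "args": {"image": r"C:\Windows\System32\rutserv.exe", "new_pid": 1200,
              "parent_pid": 600}},
]

SYSTEM32 = r"c:\windows\system32" + "\\"

# (key, value) pairs whose read we treat as a location lookup; assumed names.
GEO_LOOKUPS = {
    (r"hkcu\control panel\international\geo", "nation"),
    (r"hkcu\control panel\international", "scountry"),
    (r"hkcu\control panel\international", "localename"),
}


def run_signatures(trace):
    """Return {signature name: [evidence, ...]} for every signature that fires."""
    dropped = set()            # lower-cased paths the traced processes wrote
    hits = defaultdict(list)
    for ev in trace:
        pid, api, args = ev["pid"], ev["api"], ev["args"]
        if api == "NtWriteFile":
            path = args["path"].lower()
            dropped.add(path)
            if path.startswith(SYSTEM32):
                hits["Drops file in System32 directory"].append(args["path"])
        elif api == "NtCreateUserProcess":
            if args["image"].lower() in dropped:
                hits["Executes dropped EXE"].append(args["image"])
            parent = args.get("parent_pid")
            # A parent that differs from the calling pid means the caller
            # supplied PROC_THREAD_ATTRIBUTE_PARENT_PROCESS (parent spoofing).
            if parent is not None and parent != pid:
                hits["Suspicious use of NtCreateUserProcessOtherParentProcess"].append(
                    (pid, args["image"], parent))
        elif api == "LdrLoadDll":
            if args["path"].lower() in dropped:
                hits["Loads dropped DLL"].append(args["path"])
        elif api == "RegQueryValueExW":
            pair = (args["key"].lower(), args["value"].lower())
            if pair in GEO_LOOKUPS:
                hits["Checks computer location settings"].append(
                    args["key"] + "\\" + args["value"])
    return dict(hits)


def fired(trace):
    """Sorted list of signature names that fired, for quick comparison."""
    return sorted(run_signatures(trace))


if __name__ == "__main__":
    for name, evidence in run_signatures(TRACE).items():
        print(name)
        for item in evidence:
            print("   ", item)
```

Two design points carry over to real rules: "dropped" is defined as any path the traced process tree wrote before it was executed or loaded, so the EXE and DLL checks depend on trace order; and the parent-spoofing check keys on the caller supplying a parent that is not itself, which is the observable that distinguishes it from ordinary process creation.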

MITRE ATT&CK Enterprise v6

Tasks