General

  • Target

    2b4d53fb1d733818ebd713a6ae79ebf18195ebfa384d093cb283bce1114ac605

  • Size

    3.4MB

  • Sample

    220615-c6a8kadcg7

  • MD5

    8279eee369a3b55dc38864a94af4b068

  • SHA1

    422b96672da684f42b0855acbb26f03aa827984a

  • SHA256

    2b4d53fb1d733818ebd713a6ae79ebf18195ebfa384d093cb283bce1114ac605

  • SHA512

    9ca4b160dc03c3940dff1aba0572eaa7a6eb0bff0a892e365fba7e2c39cec3a62a92f63e5bbfa245b05916d5a561c94a93d5f47593f918acb774024016adab39

Score
10/10

Malware Config

Targets

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by the Russian organization TektonIT.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified version of it.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

MITRE ATT&CK Enterprise v6

Tasks