Overview

overview

10

Static

static

8

94e4d5fcc3...5f.exe

windows7_x64

10

94e4d5fcc3...5f.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    94e4d5fcc31fc37aa29b3d042bc2c0295b66592f33730e05e2889a9a69f32f5f.exe

  • Size

    16.4MB

  • Sample

    220626-wz81ssdhc5

  • MD5

    54a57c4a0b4891ad3ea90bdf833beed7

  • SHA1

    7c9bf87daa9c7f894dcfdaa19e75808938db9f51

  • SHA256

    94e4d5fcc31fc37aa29b3d042bc2c0295b66592f33730e05e2889a9a69f32f5f

  • SHA512

    1750105257b095c3c97d2a45a9eede594caebdce4f5c7791c008b782067844ae9519deed0bd5358f87bf9a3d3fa06c543a23a81c9a63bf456e4357546f9b3d18

Score
10/10
rmsrattrojanupx

Malware Config

Targets

    • Target

      94e4d5fcc31fc37aa29b3d042bc2c0295b66592f33730e05e2889a9a69f32f5f.exe

    • Size

      16.4MB

    • MD5

      54a57c4a0b4891ad3ea90bdf833beed7

    • SHA1

      7c9bf87daa9c7f894dcfdaa19e75808938db9f51

    • SHA256

      94e4d5fcc31fc37aa29b3d042bc2c0295b66592f33730e05e2889a9a69f32f5f

    • SHA512

      1750105257b095c3c97d2a45a9eede594caebdce4f5c7791c008b782067844ae9519deed0bd5358f87bf9a3d3fa06c543a23a81c9a63bf456e4357546f9b3d18

    Score
    10/10
    rmsrattrojanupx

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

      trojanratrms

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks