Overview

overview

10

Static

static

ab269b10f7...5f.exe

windows7_x64

10

ab269b10f7...5f.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ab269b10f73c08e0ad9d0a99e2cc33bfaa52129b873b3410051fc3a89f9ead5f

  • Size

    4.5MB

  • Sample

    220630-whf9fsgfd8

  • MD5

    bb1a2e37da7ed8d7362c24c15ce39064

  • SHA1

    beec351f6397eca18ec53091e116782bcc8cd25d

  • SHA256

    ab269b10f73c08e0ad9d0a99e2cc33bfaa52129b873b3410051fc3a89f9ead5f

  • SHA512

    45acd2886dbcc0228c99d07666230a07cecb5001bd086327dcdede19376604b4630ce66d062d5ff484887d23cd8428ab98dc5a2ae34d883ebd1191bca956c831

Score
10/10
rmsaspackv2evasionrattrojanupx

Malware Config

Targets

    • Target

      ab269b10f73c08e0ad9d0a99e2cc33bfaa52129b873b3410051fc3a89f9ead5f

    • Size

      4.5MB

    • MD5

      bb1a2e37da7ed8d7362c24c15ce39064

    • SHA1

      beec351f6397eca18ec53091e116782bcc8cd25d

    • SHA256

      ab269b10f73c08e0ad9d0a99e2cc33bfaa52129b873b3410051fc3a89f9ead5f

    • SHA512

      45acd2886dbcc0228c99d07666230a07cecb5001bd086327dcdede19376604b4630ce66d062d5ff484887d23cd8428ab98dc5a2ae34d883ebd1191bca956c831

    Score
    10/10
    rmsaspackv2evasionrattrojanupx

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

      trojanratrms

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

      aspackv2

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks