General

  • Target

    agent7.1.2.0 .exe

  • Size

    16.9MB

  • Sample

    220711-qtw66abhb9

  • MD5

    8447cd76c56cb7c13dc31d3aaadff615

  • SHA1

    0b2d53a0699add6ad76c5141eeb67ac77277cd14

  • SHA256

    413af64238d7985f1749cb5903bac8e17a58d37408488992d40247b42fcffbc7

  • SHA512

    666a8d64a5815e9fedb568db02ce31c7f7e76764503976cfa1301fbc70cef7c37dacf3e00d957227f745e4bc96b6fa8bda10fb418ddcf9ce12564f9e55a1f590

Score
10/10

Malware Config

Targets

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks