Overview

overview

10

Static

static

4a2f824697...2f.exe

windows7_x64

4a2f824697...2f.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4a2f824697922155097409c23630b9fc6e11c26b180511ecefa5fec78201392f

  • Size

    13.2MB

  • Sample

    220712-rmk1zsdeep

  • MD5

    8d883de244ee0f8dabd218f83d991e31

  • SHA1

    88eff0f887ecf236117abffb426b32db0ad4838d

  • SHA256

    4a2f824697922155097409c23630b9fc6e11c26b180511ecefa5fec78201392f

  • SHA512

    f2ae09e0a14ac7f72047160ed313c5f487b632d8c1fa2f65a204ea42d9c13e167832f4fb51bc1535ef99757987320772a340be79d8df06e5f15f3d73ca35263f

Score
10/10
rmsrattrojan

Malware Config

Targets

    • Target

      4a2f824697922155097409c23630b9fc6e11c26b180511ecefa5fec78201392f

    • Size

      13.2MB

    • MD5

      8d883de244ee0f8dabd218f83d991e31

    • SHA1

      88eff0f887ecf236117abffb426b32db0ad4838d

    • SHA256

      4a2f824697922155097409c23630b9fc6e11c26b180511ecefa5fec78201392f

    • SHA512

      f2ae09e0a14ac7f72047160ed313c5f487b632d8c1fa2f65a204ea42d9c13e167832f4fb51bc1535ef99757987320772a340be79d8df06e5f15f3d73ca35263f

    Score
    10/10
    rmsrattrojan

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

      trojanratrms

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks