General

  • Target: 99fdd1d682a0c2999731ad61b2c0cc2e.exe
  • Size: 16.5MB
  • Sample: 220714-wza4rsdag5
  • MD5: 99fdd1d682a0c2999731ad61b2c0cc2e
  • SHA1: b575cf708602d0285e97071dc7bee8daef415832
  • SHA256: cf5da5a9b8b16d91c32b99d0379ff6729b42606ff38fee944b19e44977c8f2ea
  • SHA512: 24a5542741d1532e3616e8d74af884e0a195756c2c308fada9cc6778a8b4593579dd8a31b3d7dc915ff1385d1b2faadc1b82cae8e3e69f07ac52731b701f586b

Score
10/10

Malware Config

Targets

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks