General

  • Target

    4f3dd697e63ccc0b03c14ccedde26448dec03ac3d66753cd0022b01bc6ba0bea

  • Size

    13.2MB

  • Sample

    220720-sdwa2agghn

  • MD5

    22c90557f6be30aabb4726ef13a739fa

  • SHA1

    349ace1bf3cc504acc8ef753546bdba5101052e9

  • SHA256

    4f3dd697e63ccc0b03c14ccedde26448dec03ac3d66753cd0022b01bc6ba0bea

  • SHA512

    c4407f39fa7f1d176a82999d9dc1f7893a51fcb81508b044c198947dab1a19c259a97379841ccf83b5b011a423b8d089ff1331c0ca42a8bd5787fe8be98b6422

Score
10/10

Malware Config

Targets

    Score
    10/10

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks