Overview

overview

10

Static

static

e941f62dd4...db.exe

windows7-x64

10

e941f62dd4...db.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e941f62dd4914c818f2f2e85d9194640ea73ef3fb2823c262cb3a2abe23052db

  • Size

    5.4MB

  • Sample

    221011-swpafacabl

  • MD5

    7c8224fab6efe821297c0edf80701b58

  • SHA1

    07a556fe87ff34ce62472be51efaa60f8c1f03dc

  • SHA256

    e941f62dd4914c818f2f2e85d9194640ea73ef3fb2823c262cb3a2abe23052db

  • SHA512

    62dfc54bf5419e2176e42e39189dc79f6ccd508cc01e3e6e7f020d74b27ea4ab138dc826c158c5650db40a03e1b92162c429dc499ea386bd38c9d86156600dc5

  • SSDEEP

    98304:n32Z/1caWAv9lNibmheg2YqwFfxh4AtvoZxDxbZDbClM+T/5P/9cneW/L3Nod7F:n3iDN9lEbmhTOwFJCeAddb4Jz53Gxzu/

Score
10/10
rmsrattrojan

Malware Config

Targets

    • Target

      e941f62dd4914c818f2f2e85d9194640ea73ef3fb2823c262cb3a2abe23052db

    • Size

      5.4MB

    • MD5

      7c8224fab6efe821297c0edf80701b58

    • SHA1

      07a556fe87ff34ce62472be51efaa60f8c1f03dc

    • SHA256

      e941f62dd4914c818f2f2e85d9194640ea73ef3fb2823c262cb3a2abe23052db

    • SHA512

      62dfc54bf5419e2176e42e39189dc79f6ccd508cc01e3e6e7f020d74b27ea4ab138dc826c158c5650db40a03e1b92162c429dc499ea386bd38c9d86156600dc5

    • SSDEEP

      98304:n32Z/1caWAv9lNibmheg2YqwFfxh4AtvoZxDxbZDbClM+T/5P/9cneW/L3Nod7F:n3iDN9lEbmhTOwFJCeAddb4Jz53Gxzu/

    Score
    10/10
    rmsrattrojan

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

      trojanratrms

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks