Overview

overview

10

Static

static

1

25567135ec...85.exe

windows7-x64

10

25567135ec...85.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    25567135ec1b3375d957d61f20e39b7a442b5a87f3f3591f67d47a1441455585

  • Size

    3.6MB

  • Sample

    221022-lqfmsacdaq

  • MD5

    21ae834bdd5b89bacacca4d51cf82148

  • SHA1

    601d1d2751a2af976556b6cfa84201b76003cff5

  • SHA256

    25567135ec1b3375d957d61f20e39b7a442b5a87f3f3591f67d47a1441455585

  • SHA512

    1e29739482431972865a2ceac2404cccea7c5bc5d1257dcfefcd9e9d2a16820bad8dad79d0c88192170c83a84fea8e0900bc38764b313dbb66d4f4aefd5ccde8

  • SSDEEP

    98304:c4cVYH4QXqDLusX30tPoOvE7CcJaDcUkXaluXvdPzJ:oWH4LXeRoZ7CcPUQXvdPzJ

Score
10/10
rmspersistencerattrojanupx

Malware Config

Targets

    • Target

      25567135ec1b3375d957d61f20e39b7a442b5a87f3f3591f67d47a1441455585

    • Size

      3.6MB

    • MD5

      21ae834bdd5b89bacacca4d51cf82148

    • SHA1

      601d1d2751a2af976556b6cfa84201b76003cff5

    • SHA256

      25567135ec1b3375d957d61f20e39b7a442b5a87f3f3591f67d47a1441455585

    • SHA512

      1e29739482431972865a2ceac2404cccea7c5bc5d1257dcfefcd9e9d2a16820bad8dad79d0c88192170c83a84fea8e0900bc38764b313dbb66d4f4aefd5ccde8

    • SSDEEP

      98304:c4cVYH4QXqDLusX30tPoOvE7CcJaDcUkXaluXvdPzJ:oWH4LXeRoZ7CcPUQXvdPzJ

    Score
    10/10
    rmspersistencerattrojanupx

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

      trojanratrms

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks