Overview

overview

10

Static

static

FC9E09EC69...6F.exe

windows7-x64

10

FC9E09EC69...6F.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    FC9E09EC6960ED9E765A2D319ACB99395B78010785B6F.exe

  • Size

    12.0MB

  • Sample

    221025-2ssywseber

  • MD5

    ce94855ad6ed2dc3ceb85e516f907371

  • SHA1

    275cc93eef3ae8790cccbff9325fb9f7063c669a

  • SHA256

    fc9e09ec6960ed9e765a2d319acb99395b78010785b6f176680f9fa5af846d09

  • SHA512

    5533e34c4f8f43e70a3eb536cde70c6c54a02a402154c880cb9fe51fb2b95b87fd6d5e588a39d86812cac5e614ec532778da6de1b22fd789f1b843598b9860b1

  • SSDEEP

    196608:AihtI2NepqkynnaENFshFv2+odIR2dTi8PXM2GD080tZqTvPAMurHUAmJfVQeo:HhC2NeEnaSezO+ZAOe9GDPTXNpJf0

Score
10/10
rmsrattrojan

Malware Config

Targets

    • Target

      FC9E09EC6960ED9E765A2D319ACB99395B78010785B6F.exe

    • Size

      12.0MB

    • MD5

      ce94855ad6ed2dc3ceb85e516f907371

    • SHA1

      275cc93eef3ae8790cccbff9325fb9f7063c669a

    • SHA256

      fc9e09ec6960ed9e765a2d319acb99395b78010785b6f176680f9fa5af846d09

    • SHA512

      5533e34c4f8f43e70a3eb536cde70c6c54a02a402154c880cb9fe51fb2b95b87fd6d5e588a39d86812cac5e614ec532778da6de1b22fd789f1b843598b9860b1

    • SSDEEP

      196608:AihtI2NepqkynnaENFshFv2+odIR2dTi8PXM2GD080tZqTvPAMurHUAmJfVQeo:HhC2NeEnaSezO+ZAOe9GDPTXNpJf0

    Score
    10/10
    rmsrattrojan

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

      trojanratrms

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks