Overview

overview

10

Static

static

1

b07a001c75...ed.exe

windows7-x64

10

b07a001c75...ed.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b07a001c750e2d4f499cdd096293a6b906e564d7c7f68e4d55f2d1685f2436ed

  • Size

    4.2MB

  • Sample

    221028-2dq6raadck

  • MD5

    e8694399fe68022a1fd7d6f4348096af

  • SHA1

    fd6da185884476cdcb3088c9070578a861402183

  • SHA256

    b07a001c750e2d4f499cdd096293a6b906e564d7c7f68e4d55f2d1685f2436ed

  • SHA512

    c9d54c84db80a56951f335f08bbd2aa9dee4b8f456d5ac48add5ba5a2e274845edaf514c75a8050e2cbb54e296993c92b0a7b0a82079e07860f9c08673309639

  • SSDEEP

    98304:qNio6GYhlGYi2gK6RqqNUHw4uIolk/3QIDpGYXV4cVYR:Mi5hjGagTR34ilkPQ2AYXnWR

Score
10/10
rmspersistencerattrojan

Malware Config

Targets

    • Target

      b07a001c750e2d4f499cdd096293a6b906e564d7c7f68e4d55f2d1685f2436ed

    • Size

      4.2MB

    • MD5

      e8694399fe68022a1fd7d6f4348096af

    • SHA1

      fd6da185884476cdcb3088c9070578a861402183

    • SHA256

      b07a001c750e2d4f499cdd096293a6b906e564d7c7f68e4d55f2d1685f2436ed

    • SHA512

      c9d54c84db80a56951f335f08bbd2aa9dee4b8f456d5ac48add5ba5a2e274845edaf514c75a8050e2cbb54e296993c92b0a7b0a82079e07860f9c08673309639

    • SSDEEP

      98304:qNio6GYhlGYi2gK6RqqNUHw4uIolk/3QIDpGYXV4cVYR:Mi5hjGagTR34ilkPQ2AYXnWR

    Score
    10/10
    rmspersistencerattrojan

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

      trojanratrms

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks