Overview

overview

10

Static

static

1

12fd991459...e1.exe

windows7-x64

10

12fd991459...e1.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    12fd99145905df13cc2dc7ed0a9c971b57645988d98802402d86e4f4286fc1e1

  • Size

    4.2MB

  • Sample

    221029-bc7t1aedg9

  • MD5

    580fca88b7669a2ec00ca0771021519a

  • SHA1

    07fd72e24191364e09ef024eb97e551688ee2323

  • SHA256

    12fd99145905df13cc2dc7ed0a9c971b57645988d98802402d86e4f4286fc1e1

  • SHA512

    117d3784b28dc41a2ad80e843ea1371974b6fdabfb52aa22793d4d81410feae7991b3c5feafa9c20432c2681c9c2dc2275603dd9d4ac9461d580b1d176346c29

  • SSDEEP

    98304:9Nio6GYhlGYi2gK6RqqNUHw4uIolk/3QIDpGYXV4cVY5:Di5hjGagTR34ilkPQ2AYXnW5

Score
10/10
rmsrattrojan

Malware Config

Targets

    • Target

      12fd99145905df13cc2dc7ed0a9c971b57645988d98802402d86e4f4286fc1e1

    • Size

      4.2MB

    • MD5

      580fca88b7669a2ec00ca0771021519a

    • SHA1

      07fd72e24191364e09ef024eb97e551688ee2323

    • SHA256

      12fd99145905df13cc2dc7ed0a9c971b57645988d98802402d86e4f4286fc1e1

    • SHA512

      117d3784b28dc41a2ad80e843ea1371974b6fdabfb52aa22793d4d81410feae7991b3c5feafa9c20432c2681c9c2dc2275603dd9d4ac9461d580b1d176346c29

    • SSDEEP

      98304:9Nio6GYhlGYi2gK6RqqNUHw4uIolk/3QIDpGYXV4cVY5:Di5hjGagTR34ilkPQ2AYXnW5

    Score
    10/10
    rmsrattrojan

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

      trojanratrms

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks