Overview

overview

10

Static

static

237bd56d1e...df.exe

windows7-x64

10

237bd56d1e...df.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    237bd56d1e468f9b882706c340b9d4848a2a2bc1e8d0668a0f36e2206fe3ccdf

  • Size

    7.3MB

  • Sample

    221108-s8fttsgcbn

  • MD5

    0b7e0fc0d4079e6bbfbf973a897a9a5c

  • SHA1

    3e6dd00af4feb11bb015213277a4f010c0c82dd8

  • SHA256

    237bd56d1e468f9b882706c340b9d4848a2a2bc1e8d0668a0f36e2206fe3ccdf

  • SHA512

    55b6436a93913d3743ff2ec7f93e44d5dbf7035174814f9b39c7e55492c7a89d408950ffa240c3305a1cea0685af3fd011510387dbf390842efc07234f15243e

  • SSDEEP

    196608:ySHMjhspjUi99uVf4X+2hG2+O1AyOWSoSTjrmt7nv6PGpeFh:ySHMhsJ/0gNQBOvM2v6PGoh

Score
10/10
rmsrattrojan

Malware Config

Targets

    • Target

      237bd56d1e468f9b882706c340b9d4848a2a2bc1e8d0668a0f36e2206fe3ccdf

    • Size

      7.3MB

    • MD5

      0b7e0fc0d4079e6bbfbf973a897a9a5c

    • SHA1

      3e6dd00af4feb11bb015213277a4f010c0c82dd8

    • SHA256

      237bd56d1e468f9b882706c340b9d4848a2a2bc1e8d0668a0f36e2206fe3ccdf

    • SHA512

      55b6436a93913d3743ff2ec7f93e44d5dbf7035174814f9b39c7e55492c7a89d408950ffa240c3305a1cea0685af3fd011510387dbf390842efc07234f15243e

    • SSDEEP

      196608:ySHMjhspjUi99uVf4X+2hG2+O1AyOWSoSTjrmt7nv6PGpeFh:ySHMhsJ/0gNQBOvM2v6PGoh

    Score
    10/10
    rmsrattrojan

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

      trojanratrms

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks