General

  • Target

    bd2e4660c59996e3536f9e2fa39b26709b6a6e72108f653e3c4a9dda00b01c05

  • Size

    5.4MB

  • Sample

    221120-enqlmsfb42

  • MD5

    50005c220db8ad28b779d9732597ab22

  • SHA1

    4160930ff625237897e1d7195ef4d9780376985f

  • SHA256

    bd2e4660c59996e3536f9e2fa39b26709b6a6e72108f653e3c4a9dda00b01c05

  • SHA512

    ba7782630eadbd51b825e06ec476deaa7f27ab06adb9e077b175820f18ba1ac640d716831840e18460c68735ddb0dccbd43bd325c283faa4fa926558f7086a8e

  • SSDEEP

    98304:n3/zlJ46EGhmo1clCqM9e8o5729oPJAxaXSBDt02pPd0iysCy8N7rvlqa6FSB:n3LlJNd6s8lP2x6SHl9CySf9qa6SB

Score
10/10

Malware Config

Targets

    • Target

      bd2e4660c59996e3536f9e2fa39b26709b6a6e72108f653e3c4a9dda00b01c05

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 3

    Peripheral Device Discovery (T1120): 1

    Remote System Discovery (T1018): 1

Tasks