Overview

overview

10

Static

static

1

8902ffe684...9b.exe

windows7-x64

10

8902ffe684...9b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8902ffe6842a29cccb22a4c271a54e40817d5e1101cdba0b003478be7c29289b

  • Size

    4.2MB

  • Sample

    221124-2mgzfadf62

  • MD5

    083979f7aca2927d0cb60ba7073ec034

  • SHA1

    9ee485389b636b7d7996ff8e3ae14bf82119a7c8

  • SHA256

    8902ffe6842a29cccb22a4c271a54e40817d5e1101cdba0b003478be7c29289b

  • SHA512

    6c2ac963d906bbae829a6af3a2530cd3824e7253d4653831af7456405d10986879fcac0532a875db17d7c943f05a366b060bf2d566ee30233b7ad6a3c0584c8b

  • SSDEEP

    98304:SNio6GYhlGYi2gK6RqqNUHw4uIolk/3QIDpGYXV4cVYU:0i5hjGagTR34ilkPQ2AYXnWU

Score
10/10
rmspersistencerattrojan

Malware Config

Targets

    • Target

      8902ffe6842a29cccb22a4c271a54e40817d5e1101cdba0b003478be7c29289b

    • Size

      4.2MB

    • MD5

      083979f7aca2927d0cb60ba7073ec034

    • SHA1

      9ee485389b636b7d7996ff8e3ae14bf82119a7c8

    • SHA256

      8902ffe6842a29cccb22a4c271a54e40817d5e1101cdba0b003478be7c29289b

    • SHA512

      6c2ac963d906bbae829a6af3a2530cd3824e7253d4653831af7456405d10986879fcac0532a875db17d7c943f05a366b060bf2d566ee30233b7ad6a3c0584c8b

    • SSDEEP

      98304:SNio6GYhlGYi2gK6RqqNUHw4uIolk/3QIDpGYXV4cVYU:0i5hjGagTR34ilkPQ2AYXnWU

    Score
    10/10
    rmspersistencerattrojan

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

      trojanratrms

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks