Overview

overview

10

Static

static

1

65e4497f14...5e.exe

windows7-x64

10

65e4497f14...5e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    65e4497f14b0945a2144f28fb14364aa379b642512f6f09a1e6138a9ac2b365e

  • Size

    4.4MB

  • Sample

    221124-nd5r9aad43

  • MD5

    a4ef524bb21b66a9e6267ed8bc871cef

  • SHA1

    4363f160e06afea785f43261c69ea2c3d11b3207

  • SHA256

    65e4497f14b0945a2144f28fb14364aa379b642512f6f09a1e6138a9ac2b365e

  • SHA512

    eba6c78c3c2b1ce195b4a16f75c332c35001b860a359bd1182277580347d6c0825fdba109ab1644b61b2ab3c0e4f403d12554af2807dceda6aa944503e0086a8

  • SSDEEP

    98304:FXKa77HBa1WujIh01MeYvMHXEWxXV4cVYs:F3lFh0KTEEWxXnWs

Score
10/10
rmspersistencerattrojan

Malware Config

Targets

    • Target

      65e4497f14b0945a2144f28fb14364aa379b642512f6f09a1e6138a9ac2b365e

    • Size

      4.4MB

    • MD5

      a4ef524bb21b66a9e6267ed8bc871cef

    • SHA1

      4363f160e06afea785f43261c69ea2c3d11b3207

    • SHA256

      65e4497f14b0945a2144f28fb14364aa379b642512f6f09a1e6138a9ac2b365e

    • SHA512

      eba6c78c3c2b1ce195b4a16f75c332c35001b860a359bd1182277580347d6c0825fdba109ab1644b61b2ab3c0e4f403d12554af2807dceda6aa944503e0086a8

    • SSDEEP

      98304:FXKa77HBa1WujIh01MeYvMHXEWxXV4cVYs:F3lFh0KTEEWxXnWs

    Score
    10/10
    rmspersistencerattrojan

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

      trojanratrms

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks