Overview

overview

10

Static

static

8

fb5b2c3394...20.exe

windows7-x64

10

fb5b2c3394...20.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fb5b2c339496d3c8ba00f1cec7ec98e0f78c07d69f77356de580063faf05a220

  • Size

    3.4MB

  • Sample

    221126-vk6fpadc7w

  • MD5

    474ce1d3f2e93c061262a0a647d90103

  • SHA1

    805c410a9535795889225d7be3c682717ef42c22

  • SHA256

    fb5b2c339496d3c8ba00f1cec7ec98e0f78c07d69f77356de580063faf05a220

  • SHA512

    ff752509dfd449e9c93ae4fb095f3de7f38c10ab67f253d75b8f89715f1234810612baeaaa4b2991772f2cd8b39041852d116a286d5f306816f186a20216a27e

  • SSDEEP

    98304:hwwviscLk1E6jnlvyqHaz5i0bqXWmS2u7PI7:hGscLkqMlvyq6oXUr7

Score
10/10
rmsevasionrattrojanupx

Malware Config

Targets

    • Target

      fb5b2c339496d3c8ba00f1cec7ec98e0f78c07d69f77356de580063faf05a220

    • Size

      3.4MB

    • MD5

      474ce1d3f2e93c061262a0a647d90103

    • SHA1

      805c410a9535795889225d7be3c682717ef42c22

    • SHA256

      fb5b2c339496d3c8ba00f1cec7ec98e0f78c07d69f77356de580063faf05a220

    • SHA512

      ff752509dfd449e9c93ae4fb095f3de7f38c10ab67f253d75b8f89715f1234810612baeaaa4b2991772f2cd8b39041852d116a286d5f306816f186a20216a27e

    • SSDEEP

      98304:hwwviscLk1E6jnlvyqHaz5i0bqXWmS2u7PI7:hGscLkqMlvyq6oXUr7

    Score
    10/10
    rmsevasionrattrojanupx

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

      trojanratrms

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Stops running service(s)

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks