General

  • Target

    e721a8ec9686817c850aefe797c801b614e859d2492e6dc2a6068f86cc1ff5a2

  • Size

    7.2MB

  • Sample

    221204-qdrxhabg26

  • MD5

    faf5021dc3a27579ea50efced8a4f137

  • SHA1

    c06cc6593ac3b29af35566d96d649db45001db8e

  • SHA256

    e721a8ec9686817c850aefe797c801b614e859d2492e6dc2a6068f86cc1ff5a2

  • SHA512

    01b495962b976c366b92381fd8c7031df446663b6c06f4f251a9c17017ffb00cbb1f08de55423a6aa6219454f472d2ef8a6a8eb245ceff690cd70540636b3eb4

  • SSDEEP

    196608:DdbSqYn+fJi3qpm6JrfuDG4RRvLjqYSMoO4dsjkS2YfGo/v:DdSqYn+xi3qpmUOL4uj1tfGo/v

Score
10/10

Malware Config

Targets

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and similar tools.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks