Overview

overview

10

Static

static

981E6B7E07...CB.exe

windows7-x64

10

981E6B7E07...CB.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    981E6B7E07D549903C7C91F149B643C9A75AB98E0E0CB.exe

  • Size

    6.3MB

  • Sample

    221206-tcjfhsbh65

  • MD5

    bfb6121383e3e301ec4267ecb9cacb56

  • SHA1

    d36b7cd218b3e88a03fa3a9c681e6f6fad3b415d

  • SHA256

    981e6b7e07d549903c7c91f149b643c9a75ab98e0e0cba8f0845bef2e162ea7c

  • SHA512

    845559ef9f6cbd7c03f39c60a403b0058b1cfd09e8e84581e8f5dd11501708d06139d5a949cfc9bb1d52537e3cde468ceeee8bd0dcb299c8f29b1496d1f542f3

  • SSDEEP

    98304:MjMgl8EOJi4JhgiIVqskETxGaYequQ+vVNYENTGBxX9WVLE8zjNBumjiQcNOyfAV:MYg8EBEZSeaYeqS8UYWtzmmUJAV

Score
10/10
rmsrattrojan

Malware Config

Targets

    • Target

      981E6B7E07D549903C7C91F149B643C9A75AB98E0E0CB.exe

    • Size

      6.3MB

    • MD5

      bfb6121383e3e301ec4267ecb9cacb56

    • SHA1

      d36b7cd218b3e88a03fa3a9c681e6f6fad3b415d

    • SHA256

      981e6b7e07d549903c7c91f149b643c9a75ab98e0e0cba8f0845bef2e162ea7c

    • SHA512

      845559ef9f6cbd7c03f39c60a403b0058b1cfd09e8e84581e8f5dd11501708d06139d5a949cfc9bb1d52537e3cde468ceeee8bd0dcb299c8f29b1496d1f542f3

    • SSDEEP

      98304:MjMgl8EOJi4JhgiIVqskETxGaYequQ+vVNYENTGBxX9WVLE8zjNBumjiQcNOyfAV:MYg8EBEZSeaYeqS8UYWtzmmUJAV

    Score
    10/10
    rmsrattrojan

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

      trojanratrms

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks