Overview

overview

10

Static

static

916D53E09D...D5.exe

windows7-x64

10

916D53E09D...D5.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    916D53E09DA4C910F04585026F5AAB7410C391E30C0D5.exe

  • Size

    4.1MB

  • Sample

    230129-pjba9sef76

  • MD5

    3eaf114e7d481c57147ed8b8ba3c4caa

  • SHA1

    62ce40d8a9c47527e88dab1e3e60e8495cad6029

  • SHA256

    916d53e09da4c910f04585026f5aab7410c391e30c0d560159ad16e936272eeb

  • SHA512

    0112492901fccec1f5045860b5a1093c38cd859ee3f531ae7aed7ce3c01ea2d9df05420cb93293876b68c5f9ab91b293316df0a068f059c0ba27d6d93de2b2fc

  • SSDEEP

    98304:6gCJYcoRB/Om0t7MZwAvPcVx0qa96SQ7p1YGt4Q24DEBziWz:6gCScaB/Om0tkw2EEqh1YVV4QV

Score
10/10
rmsrattrojan

Malware Config

Targets

    • Target

      916D53E09DA4C910F04585026F5AAB7410C391E30C0D5.exe

    • Size

      4.1MB

    • MD5

      3eaf114e7d481c57147ed8b8ba3c4caa

    • SHA1

      62ce40d8a9c47527e88dab1e3e60e8495cad6029

    • SHA256

      916d53e09da4c910f04585026f5aab7410c391e30c0d560159ad16e936272eeb

    • SHA512

      0112492901fccec1f5045860b5a1093c38cd859ee3f531ae7aed7ce3c01ea2d9df05420cb93293876b68c5f9ab91b293316df0a068f059c0ba27d6d93de2b2fc

    • SSDEEP

      98304:6gCJYcoRB/Om0t7MZwAvPcVx0qa96SQ7p1YGt4Q24DEBziWz:6gCScaB/Om0tkw2EEqh1YVV4QV

    Score
    10/10
    rmsrattrojan

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

      trojanratrms

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks