Overview

overview

10

Static

static

7

46fb7cafdf...d3.exe

windows7-x64

10

46fb7cafdf...d3.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    46fb7cafdf2dbb555201cfaaf104c1d3.exe

  • Size

    17.0MB

  • Sample

    230509-tqsw4scg49

  • MD5

    46fb7cafdf2dbb555201cfaaf104c1d3

  • SHA1

    2eb1b934a6928eaa63f48f63888f690765968035

  • SHA256

    da301d359b4bbbc07ed41da725cc33e21a23a1e68f69436b475e37ab6abbf52f

  • SHA512

    bbaa2692aa0c84b10417daa04434f72b54e137be85042368c58432a7a39d40e4405246b2ecd6d9be1a7f3f6ef15f5f9d2ab8d31b4eee90839587e29c82e1a1e8

  • SSDEEP

    393216:vuDuvtZSalmqJLNWqezyawPNbD7aC558YgrurVniy/+Rv:FvtZdbMGawPNb6E/rVjWRv

Score
10/10
rmsrattrojanupx

Malware Config

Targets

    • Target

      46fb7cafdf2dbb555201cfaaf104c1d3.exe

    • Size

      17.0MB

    • MD5

      46fb7cafdf2dbb555201cfaaf104c1d3

    • SHA1

      2eb1b934a6928eaa63f48f63888f690765968035

    • SHA256

      da301d359b4bbbc07ed41da725cc33e21a23a1e68f69436b475e37ab6abbf52f

    • SHA512

      bbaa2692aa0c84b10417daa04434f72b54e137be85042368c58432a7a39d40e4405246b2ecd6d9be1a7f3f6ef15f5f9d2ab8d31b4eee90839587e29c82e1a1e8

    • SSDEEP

      393216:vuDuvtZSalmqJLNWqezyawPNbD7aC558YgrurVniy/+Rv:FvtZdbMGawPNb6E/rVjWRv

    Score
    10/10
    rmsrattrojanupx

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

      trojanratrms

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks