General

  • Target

    5b77773987beb9991a27aaab1e8fc4e246077226e2c7163d8a8ba3702eefe8dd.exe.zip

  • Size

    16.4MB

  • Sample

    231002-n71emaca87

  • MD5

    c3d851242aa60697a695b0e942e11549

  • SHA1

    3b9bb35b2ca3b9cc1c857a88efab57bcb87c9132

  • SHA256

    3f174c23b4d00cc007f794e0378d725502c5fafe7301ac1b3bfb99de11a53a22

  • SHA512

    17f1aa457af9d40ecce36f5ea56aef0cb42dc084f8487c7af55dfe5721c719c176ff1d77e3d7636fd5cd4f48481ae4fadaf31f42ccd1b1646360475bfc58b284

  • SSDEEP

    393216:fekW01hqAhxwcXsLbuJyTWCaaJz9EK+RErg9l5nJC4:fnvqsxpcLKJyTbmmrgHHC4

Score
10/10

Malware Config

Targets

    • Target

      5b77773987beb9991a27aaab1e8fc4e246077226e2c7163d8a8ba3702eefe8dd.exe

    • Size

      16.9MB

    • MD5

      2d9bbfdd89de3e7015caaec65ee6ad86

    • SHA1

      46797073c0164c024d885384b4924bb6032aa8f4

    • SHA256

      5b77773987beb9991a27aaab1e8fc4e246077226e2c7163d8a8ba3702eefe8dd

    • SHA512

      80498f6002ffb7c1b51c66b698ebcde29322d6bd2c442039127a90beffbe786e53e8d9c116c0c7d9f0ebe189c52a4293bd108dfe9186279fe3acbf7607393737

    • SSDEEP

      393216:YuDuv8EMmjKv9IGNmixtpz9UoyFX8h6oZnBm7fWD6:uvvM/vuuxt71yFo6oY7fe6

    Score
    10/10

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by the Russian organization TektonIT.

    • UPX packed file

      Detects executables packed with the UPX open source packer or a modified variant of it.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks