Overview

overview

10

Static

static

7

A75E96ED24...35.exe

windows7-x64

10

A75E96ED24...35.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    A75E96ED243F0A45B2262B426241D0AFADAB4CCA25635.exe

  • Size

    16.9MB

  • Sample

    231007-yvebqsfa61

  • MD5

    f38747053172b7cbca4bc5d1590667e8

  • SHA1

    bc9865ec689ef7fcf7c7f0ac1efd51bc1a3db4e9

  • SHA256

    a75e96ed243f0a45b2262b426241d0afadab4cca25635d789d75a2187bdb5a9d

  • SHA512

    cfe47ad42f92453513719113c576b165199518a886584231bcda802f3963ebad8ddd207432e1969604a66c08a855c93a2bc2300086813c09414db9ef373cc291

  • SSDEEP

    393216:nuDuLKdaU5DhSEehVzL0wIK4PfksLAY3NbyopsjUNMSy/:t9UihuK4P8oANi8rSS

Score
10/10
rmsrattrojanupx

Malware Config

Targets

    • Target

      A75E96ED243F0A45B2262B426241D0AFADAB4CCA25635.exe

    • Size

      16.9MB

    • MD5

      f38747053172b7cbca4bc5d1590667e8

    • SHA1

      bc9865ec689ef7fcf7c7f0ac1efd51bc1a3db4e9

    • SHA256

      a75e96ed243f0a45b2262b426241d0afadab4cca25635d789d75a2187bdb5a9d

    • SHA512

      cfe47ad42f92453513719113c576b165199518a886584231bcda802f3963ebad8ddd207432e1969604a66c08a855c93a2bc2300086813c09414db9ef373cc291

    • SSDEEP

      393216:nuDuLKdaU5DhSEehVzL0wIK4PfksLAY3NbyopsjUNMSy/:t9UihuK4P8oANi8rSS

    Score
    10/10
    rmsrattrojanupx

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

      trojanratrms

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks