General

  • Target

    f38747053172b7cbca4bc5d1590667e8.bin

  • Size

    16.4MB

  • Sample

    231009-c6hmmsbh79

  • MD5

    e713ab554bcaa439ef585c32794a3773

  • SHA1

    89919f9aba523ca87ac33fa92f20a86168d4b544

  • SHA256

    835064468e8b478b21b0e7dc0e597fa8e00a4649c05a67a7358463c2a30643ac

  • SHA512

    521e45f63c89a9f97cd7e3d6313b182b1622533772e397cc3f0e984c23e3eba5bfc12e21cfb2caad625fe6b63772b05a615ebdb4e9cb4c0f4fa79ae05a6a4b2e

  • SSDEEP

    393216:cDIffJmQawA6HaETMtKfZ6HAhraMHyispVf/fcPei9rp0Ul7ccd:WIYQLRfZBqispB/fcPZFccd

Score
10/10

Malware Config

Targets

    • Target

      a75e96ed243f0a45b2262b426241d0afadab4cca25635d789d75a2187bdb5a9d.exe

    • Size

      16.9MB

    • MD5

      f38747053172b7cbca4bc5d1590667e8

    • SHA1

      bc9865ec689ef7fcf7c7f0ac1efd51bc1a3db4e9

    • SHA256

      a75e96ed243f0a45b2262b426241d0afadab4cca25635d789d75a2187bdb5a9d

    • SHA512

      cfe47ad42f92453513719113c576b165199518a886584231bcda802f3963ebad8ddd207432e1969604a66c08a855c93a2bc2300086813c09414db9ef373cc291

    • SSDEEP

      393216:nuDuLKdaU5DhSEehVzL0wIK4PfksLAY3NbyopsjUNMSy/:t9UihuK4P8oANi8rSS

    Score
    10/10

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check so the malware only runs in, or avoids, particular countries.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it (section names and the pack header are the usual tells; modified builds often rename the sections).

    • Drops file in System32 directory
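
    The following is an added example of the static check behind the "UPX packed file" signature; it is not the sandbox's own detector, and the PE image it inspects is built in memory from constructed values rather than taken from the analysed sample. It reports three independent traits: the stock UPX0/UPX1 section names, the "UPX!" pack header that stock UPX leaves in the header region, and the empty-on-disk first section the stub unpacks into, which still shows when a modified UPX has renamed the sections.

```python
"""Static UPX check (added example, not the report's own signature engine)."""
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}   # section names written by stock UPX


def parse_sections(data):
    """Return (name, virtual_size, raw_size) for each section in a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    num_sections = struct.unpack_from("<H", data, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size                             # section table follows the optional header
    sections = []
    for i in range(num_sections):
        off = table + 40 * i                                   # IMAGE_SECTION_HEADER is 40 bytes
        name = data[off:off + 8].rstrip(b"\0")
        vsize, _vaddr, rawsize = struct.unpack_from("<III", data, off + 8)
        sections.append((name, vsize, rawsize))
    return sections


def upx_indicators(data):
    """List the UPX traits present; an empty list means nothing UPX-like was found."""
    sections = parse_sections(data)
    hits = []
    if any(name in UPX_SECTION_NAMES for name, _, _ in sections):
        hits.append("upx_section_names")
    # Stock UPX writes a small pack header beginning with "UPX!" into the header
    # region, after the section table and before the first section's raw data.
    if b"UPX!" in data[:4096]:
        hits.append("upx_marker")
    # The first section (UPX0, even when renamed) has no data on disk but a large
    # virtual size: it is the destination the stub unpacks into.
    if sections and sections[0][2] == 0 and sections[0][1] > 0:
        hits.append("empty_first_section")
    return hits


def build_pe(section_specs, trailer=b""):
    """Construct a minimal PE32 image (constructed test data) with the given sections."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                      # PE header right after the DOS header
    opt_size = 224                                             # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, opt_size, 0x102)
    optional = bytes(opt_size)                                 # zeroed; only its length matters here
    table = b"".join(
        name.ljust(8, b"\0")
        + struct.pack("<IIIIIIHHI", vsize, 0x1000 * (i + 1), rawsize, 0x400, 0, 0, 0, 0, 0x60000020)
        for i, (name, vsize, rawsize) in enumerate(section_specs)
    )
    return bytes(dos) + b"PE\0\0" + coff + optional + table + trailer


# Constructed samples: a UPX-style layout and a plain compiler layout.
PACKED = build_pe([(b"UPX0", 0x20000, 0), (b"UPX1", 0x9000, 0x8800), (b".rsrc", 0x1000, 0x600)],
                  trailer=b"UPX!")
CLEAN = build_pe([(b".text", 0x5000, 0x5000), (b".data", 0x1000, 0x200), (b".rsrc", 0x800, 0x800)])

if __name__ == "__main__":
    print("packed:", upx_indicators(PACKED))   # packed: ['upx_section_names', 'upx_marker', 'empty_first_section']
    print("clean: ", upx_indicators(CLEAN))    # clean:  []
```

    Treat a single hit as a lead rather than a verdict: the section-name check is trivially defeated by a renamed build, and the marker can be scrubbed, but an empty first section with a large virtual size is hard to remove without rewriting the stub.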

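    The behavioural signatures in the list above (location lookup in the registry, dropped EXE executed, dropped DLL loaded, file dropped in System32) are all correlations over the sandbox's event trace. Below is an added example of that correlation, not the report's own signature engine: the event schema, the process tree, the file names and the registry keys are assumptions constructed for the example and are not taken from the analysed sample.

```python
"""Behavioural triage over a constructed sandbox event trace (added example)."""

SYSTEM32 = "c:\\windows\\system32\\"
# Assumption: the location signature matches reads under the user's International key,
# where Windows keeps the configured country (Geo\Nation holds the GeoID).
LOCATION_KEYS = ("hkcu\\control panel\\international",)

# Constructed trace, in chronological order: a dropper (pid 100) writes two files and
# starts the EXE (pid 200), which loads the DLL, reads the country setting and drops
# a file into System32. None of these names come from the analysed sample.
EVENTS = [
    {"op": "file_write", "pid": 100, "path": r"C:\Users\Admin\AppData\Local\Temp\updater.exe"},
    {"op": "file_write", "pid": 100, "path": r"C:\Users\Admin\AppData\Local\Temp\helper.dll"},
    {"op": "process_create", "pid": 100, "new_pid": 200,
     "path": r"C:\Users\Admin\AppData\Local\Temp\UPDATER.EXE"},
    {"op": "image_load", "pid": 200, "path": r"C:\Users\Admin\AppData\Local\Temp\helper.dll"},
    {"op": "image_load", "pid": 200, "path": r"C:\Windows\System32\kernel32.dll"},
    {"op": "reg_read", "pid": 200, "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"op": "file_write", "pid": 200, "path": r"C:\Windows\System32\svcmon.exe"},
]


def norm(path):
    """Case-fold and unify separators so matches survive the mixed casing Windows allows."""
    return path.replace("/", "\\").lower()


def triage(events):
    """Map each signature name to the paths/keys that triggered it; untriggered ones are omitted."""
    dropped = set()   # files written so far by any process in the analysis tree
    hits = {
        "Checks computer location settings": [],
        "Executes dropped EXE": [],
        "Loads dropped DLL": [],
        "Drops file in System32 directory": [],
    }
    for ev in events:
        op = ev["op"]
        if op == "file_write":
            p = norm(ev["path"])
            dropped.add(p)
            if p.startswith(SYSTEM32):
                hits["Drops file in System32 directory"].append(ev["path"])
        elif op == "process_create" and norm(ev["path"]) in dropped:
            # Only files the tree itself wrote count; a pre-existing EXE is not "dropped".
            hits["Executes dropped EXE"].append(ev["path"])
        elif op == "image_load" and norm(ev["path"]) in dropped:
            # kernel32.dll and other system libraries are loaded too, but were never written.
            hits["Loads dropped DLL"].append(ev["path"])
        elif op == "reg_read" and norm(ev["key"]).startswith(LOCATION_KEYS):
            hits["Checks computer location settings"].append(ev["key"] + "\\" + ev["value"])
    return {name: paths for name, paths in hits.items() if paths}


if __name__ == "__main__":
    for name, paths in triage(EVENTS).items():
        print(f"{name}: {paths}")
```

    The ordering matters: a write is only a "drop" for events that follow it, so the trace must be processed chronologically, and the dropped set is keyed on normalised paths because the sandbox will record whatever casing the API call used.
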
MITRE ATT&CK Enterprise v15

Tasks