General

  • Target

    a92186534c3037d5cf3aa21f3d5a2813.exe

  • Size

    17.2MB

  • Sample

    231130-k5la5sab4s

  • MD5

    a92186534c3037d5cf3aa21f3d5a2813

  • SHA1

    b38946a8c46ebd9f33e625cef673ce4febe5bb43

  • SHA256

    3c9a039e27ed30b5be7a9dfc2589c3f4c01a3f975bbe9adac909c35bed4787e5

  • SHA512

    62e2d52aabca2ff395c12a31ae00e687e95f682d0f1533b14c22a1787dd650910c0bb842237c897f8d7dfc61ff2e08cfaf6ba067e240cb4471bb1a772d0de564

  • SSDEEP

    393216:rq10je3/17uct7LkrsWBO77nHdGpX/+qleYlz9L5ZH9:O0ju/17Ht7IBO7rspP+/Wz9vH9

Score
10/10

Malware Config

Targets

    • Target

      a92186534c3037d5cf3aa21f3d5a2813.exe

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by the Russian organization TektonIT.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks