General

  • Target

    42747eef2ec5138ff1c51ecaf86e0cc8e43e651c3de264aa73eb43d6f547d098.exe.zip

  • Size

    15.7MB

  • Sample

    231201-sp9b2acd57

  • MD5

    cdf4898bf6ec040ccbe2446a63262aad

  • SHA1

    48cdc3e8629cd79ee7d10bec7743d62c48833d2d

  • SHA256

    6a15bbc07f71cb94719890fa67eff76333f87578a77197bd7cae2e4c2ef40a9f

  • SHA512

    f5d9f04c61df420e2658b4b6bb588c303507d57c35b6f3a7c62b3771dda788a78096d86680115f7e35d910eca9be5bad16672a29c16a6791af1c6daa601adad4

  • SSDEEP

    393216:Una/WPLZDL+MZNdxRNaivrZC3/1dKZSd6G47LOfDk7I:Ka/qDLvJS/1dNdR47RI

Score
10/10

Malware Config

Targets

    • Target

      42747eef2ec5138ff1c51ecaf86e0cc8e43e651c3de264aa73eb43d6f547d098.exe

    • Size

      16.2MB

    • MD5

      5b1242f60d18e7bfc2f5f5a0b6737396

    • SHA1

      46b6946732de7232ea3d2db96cb7e2a4d7538334

    • SHA256

      42747eef2ec5138ff1c51ecaf86e0cc8e43e651c3de264aa73eb43d6f547d098

    • SHA512

      65e2d1e75d12143eb89b8466da57d0d5ba1c26fabc96f15c42689c708efa44576b8a4f0cdc8fccc69c207b12d4b68cd9fc1a82c2e2ce1b3a2d6b753b721ce81f

    • SSDEEP

      393216:Jk4KGkr17htS1jqRnsQQ0suas3DLO4s99H36CyLTVtRxLgU:Jk1Gy/tS1wnsQQvsTi4e9XAjxLn

    Score
    10/10

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by the Russian organization TektonIT.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks