General

  • Target

    rss.rar

  • Size

    2.9MB

  • Sample

    231205-mhtp4sag97

  • MD5

    efb98aaeb5bf5bcd27d1ee526e13a1f9

  • SHA1

    433349b1f61d229e046838c80ee8f73c0d93df87

  • SHA256

    013596c0927c3e3e9863f9081766764f3edde0d6fec1d0c49d811342ae54a909

  • SHA512

    da571b2fa5dd196b23ec7b5213d6cc55b27a1d052f2a7d6a4ef5096218e56d3ee6c433af854b07f4728ebe25132825a8f53e48db94e21afb7f01497c4629ac5c

  • SSDEEP

    49152:SeeXtMC0o6w1HETgW9jwFIjxu6Gq8aOE658Plq48u2Xe1blfVKPooMp:SeNPoW9jOIvJ2Xe1bl9Kip

Score
10/10

Targets

    • Target

      winserv.exe

    • Size

      10.2MB

    • MD5

      3f4f5a6cb95047fea6102bd7d2226aa9

    • SHA1

      fc09dd898b6e7ff546e4a7517a715928fbafc297

    • SHA256

      99fd9e75e6241eff30e01c5b59df9e901fb24d12bee89c069cc6158f78b3cc98

    • SHA512

      de5c8155f426a4e55953ae85410c7d9ad84f5643c30865fc036d1270310e28754772bd0f3093444a16ef0c1fa3db6c56301746fb5e7f03ce692bfdad0c4fb688

    • SSDEEP

      196608:iz+UZcWP4jBrfWgEgIV8Rzy7Vj4FZvEo:i6UZcWWeVj4FZ

    Score
    10/10
    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by the Russian organization TektonIT.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.
