General

  • Target

    1146874becb449c9ff62ee9d013c36cc

  • Size

    4.4MB

  • Sample

    231230-hfjd5sgaf6

  • MD5

    1146874becb449c9ff62ee9d013c36cc

  • SHA1

    fc9dc8bb69b0903ce9ebdc1d48d04ebc351b47f3

  • SHA256

    cc9198700821977a72f3cf3a1ff22f75044202dbfa560669a70986dc5fb99f36

  • SHA512

    96c9d7c28568390d1af915d0c2a37558dc9b8441e6d663c7b4766b9b60197d6d3339b79497d000bec1259c4a05377f4e30268ed491e92949dc0db3781b373b20

  • SSDEEP

    98304:J738/JMxiHed8+il7Sem/x5MO1+/pY0g/W23WjXfqd1e3vGO/D:J7EOG+il7Sem/UxhEe2oXfqze3e6

Score
10/10

Malware Config

Targets

    Score
    10/10
    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks