General

  • Target

    d6b4cfbfd3d991f11e43766b540dff6d

  • Size

    13.5MB

  • Sample

    240319-v2zz8sad4y

  • MD5

    d6b4cfbfd3d991f11e43766b540dff6d

  • SHA1

    623dc813732aadea3b536d15260a797912e5dab3

  • SHA256

    bb14966525eccfa7abe6efdf09bfdc307a2ffcf0e3022bf956fd7743cd0971c1

  • SHA512

    84fef3ac9e6c1bc42bee582ba3d2f2e4e3e4aaf9d70652490447ca3abce22d84f06058ecca32397fb1c9ea410575a8d7b037bf5137a6400f3f17365b1d6210ed

  • SSDEEP

    393216:5NKlNksD9oXH6jh0mmQhjrb9YOxZJ2GfK4w8ZkX:fKlqsD9g61d7z9YY8GfxSX

Score
10/10

Targets

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by the Russian organization TektonIT.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
