Overview

overview

10

Static

static

7

010c974cbd...49.exe

windows7-x64

10

010c974cbd...49.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    010c974cbd698480d7997129e0191749.exe

  • Size

    16.5MB

  • Sample

    240613-xsl35asdkj

  • MD5

    010c974cbd698480d7997129e0191749

  • SHA1

    2c1bed5fe03ab619ca52c03f73c45302620dd609

  • SHA256

    a624655d8e81b8ec8ac52af6eed3f30009f5bad64fbb684f0eb7ac5dd3ff73f1

  • SHA512

    2c71d3bffb60e673dbed81d8e4b9bcb39ea58b61b9337749ae060c4bf20b01131aba3db3b437cc5a5f8ad1d287b772e8a2b62ff7f55b3d55d30ece83b85a717e

  • SSDEEP

    393216:YfdXSfT8i4OmhiwkxNM4KOfMGteD4hYL6CQua+l6XMR7u:YFXSbf3mhncO47kGQ4nu6XGu

Score
10/10
rmsrattrojanupx

Malware Config

Targets

    • Target

      010c974cbd698480d7997129e0191749.exe

    • Size

      16.5MB

    • MD5

      010c974cbd698480d7997129e0191749

    • SHA1

      2c1bed5fe03ab619ca52c03f73c45302620dd609

    • SHA256

      a624655d8e81b8ec8ac52af6eed3f30009f5bad64fbb684f0eb7ac5dd3ff73f1

    • SHA512

      2c71d3bffb60e673dbed81d8e4b9bcb39ea58b61b9337749ae060c4bf20b01131aba3db3b437cc5a5f8ad1d287b772e8a2b62ff7f55b3d55d30ece83b85a717e

    • SSDEEP

      393216:YfdXSfT8i4OmhiwkxNM4KOfMGteD4hYL6CQua+l6XMR7u:YFXSbf3mhncO47kGQ4nu6XGu

    Score
    10/10
    rmsrattrojanupx

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

      trojanratrms

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks