General

  • Target

    agent.exe

  • Size

    17.1MB

  • Sample

    240614-p58tnavfnk

  • MD5

    2cb82383ac2bf37db831dc927a28d0cc

  • SHA1

    608d28463f9a537eac5a4d6caf8e7e09e02d489c

  • SHA256

    c69faa01c1a130fec2a7b5797de1afdd7cff02a667310f203abafe24669aedca

  • SHA512

    a793c8a7fe1be6bedd7b8d3d976eac7c459f82d44edeb14350fd6819e81cc5aa65284b6bc87fa60a0de942e172506c524ac88603d494dc576723395419a79037

  • SSDEEP

    393216:s9HMNrwkzj4sw6lFSaPWnl3f7r7Iddirw9Xs/g:wgrwkPhRz94l3Trs19Xs/

Score
10/10

Targets

    • Target

      agent.exe

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by the Russian organization TektonIT.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open source UPX packer or a modified version of it.

    • Drops file in System32 directory
