Overview

overview

10

Static

static

7

SecuriteIn...18.exe

windows7-x64

10

SecuriteIn...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Riskware.RemoteAdmin_RemoteUtilities.9640.30018.exe

  • Size

    16.9MB

  • Sample

    240906-ptgwsswfmq

  • MD5

    8447cd76c56cb7c13dc31d3aaadff615

  • SHA1

    0b2d53a0699add6ad76c5141eeb67ac77277cd14

  • SHA256

    413af64238d7985f1749cb5903bac8e17a58d37408488992d40247b42fcffbc7

  • SHA512

    666a8d64a5815e9fedb568db02ce31c7f7e76764503976cfa1301fbc70cef7c37dacf3e00d957227f745e4bc96b6fa8bda10fb418ddcf9ce12564f9e55a1f590

  • SSDEEP

    393216:p5JgVAku1srrXq2YczV7xxdTgKzmes9mK:HeApu7zV7dTgUmeUT

Score
10/10
rmsdiscoveryrattrojanupx

Malware Config

Targets

    • Target

      SecuriteInfo.com.Riskware.RemoteAdmin_RemoteUtilities.9640.30018.exe

    • Size

      16.9MB

    • MD5

      8447cd76c56cb7c13dc31d3aaadff615

    • SHA1

      0b2d53a0699add6ad76c5141eeb67ac77277cd14

    • SHA256

      413af64238d7985f1749cb5903bac8e17a58d37408488992d40247b42fcffbc7

    • SHA512

      666a8d64a5815e9fedb568db02ce31c7f7e76764503976cfa1301fbc70cef7c37dacf3e00d957227f745e4bc96b6fa8bda10fb418ddcf9ce12564f9e55a1f590

    • SSDEEP

      393216:p5JgVAku1srrXq2YczV7xxdTgKzmes9mK:HeApu7zV7dTgUmeUT

    Score
    10/10
    rmsdiscoveryrattrojanupx

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

      trojanratrms

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks