General

  • Target

    0c41e02ef1c8837307ffbfe5e3c97116808ced2214d34a5517ac732bc2c3baa7.exe

  • Size

    16.4MB

  • Sample

    240909-e45qha1hrl

  • MD5

    60ec502046b8c0d787ad3b5e431c9126

  • SHA1

    125ca02f6f2e66c3ed1eeb10d78239af3e1c6fbd

  • SHA256

    0c41e02ef1c8837307ffbfe5e3c97116808ced2214d34a5517ac732bc2c3baa7

  • SHA512

    b2073538d267b31f9fabfa84160cccc2a308e83ee0d4d92881738fc5fd1765c53363ae32cf9c078daf95582328be33f7a8ce45f4e5af8685ea5919b721ed8fe5

  • SSDEEP

    393216:afdWj7p4qc0/Elt1VBqqZGi/h3AxlcVtXzo:aFWfp4qc0w7VBqqRNVtXzo

Targets

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by the Russian organization TektonIT.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified version of it.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops file in System32 directory
