Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

5

3b03d8ee3d...ca.exe

windows7-x64

10

3b03d8ee3d...ca.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3b03d8ee3dc4406d7be3d995552965ad4b4b9f1f3d106580820ce3e1fa62b2ca.exe

  • Size

    17.1MB

  • Sample

    241006-bf3pfssfqg

  • MD5

    2ac561231ba80f987b7bf1f6c3fb2c3b

  • SHA1

    9742aa5faeef8d90a116a5f86066acf72071ca26

  • SHA256

    3b03d8ee3dc4406d7be3d995552965ad4b4b9f1f3d106580820ce3e1fa62b2ca

  • SHA512

    4ea8a999b419472a3b4703535b4e6a3fe0a93de7bd44ef48dce11cf8d5bd7da8c72f585de9dad5534f270ff14f2ad5a16a5688498402cb1141d38a470fa34f50

  • SSDEEP

    393216:r93WcIGlUHbn+WE2WQoCyJ8ZKNhNUNXaRdeX:53W7bE2WQoVVhNaXaza

Score
10/10
rmsdiscoveryrattrojanupx

Malware Config

Targets

    • Target

      3b03d8ee3dc4406d7be3d995552965ad4b4b9f1f3d106580820ce3e1fa62b2ca.exe

    • Size

      17.1MB

    • MD5

      2ac561231ba80f987b7bf1f6c3fb2c3b

    • SHA1

      9742aa5faeef8d90a116a5f86066acf72071ca26

    • SHA256

      3b03d8ee3dc4406d7be3d995552965ad4b4b9f1f3d106580820ce3e1fa62b2ca

    • SHA512

      4ea8a999b419472a3b4703535b4e6a3fe0a93de7bd44ef48dce11cf8d5bd7da8c72f585de9dad5534f270ff14f2ad5a16a5688498402cb1141d38a470fa34f50

    • SSDEEP

      393216:r93WcIGlUHbn+WE2WQoCyJ8ZKNhNUNXaRdeX:53W7bE2WQoVVhNaXaza

    Score
    10/10
    rmsdiscoveryrattrojanupx

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

      trojanratrms

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.