Overview

overview

10

Static

static

5

2d84bb5d8d...a3.exe

windows7-x64

10

2d84bb5d8d...a3.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2d84bb5d8d9e13ba352212cb64a3d7a3.exe

  • Size

    22.4MB

  • Sample

    241008-t4ss9syerf

  • MD5

    2d84bb5d8d9e13ba352212cb64a3d7a3

  • SHA1

    7d8607042fd26b12d32e3509ce81eedbfe9e3b36

  • SHA256

    69868a1882f9a02e5c5b32858e8f3cbdc74a648413242db3913a2737efcc0775

  • SHA512

    321c4c05ef43851dff450e47c61d278ddf39930f1255f83a7ec86a606551f5125955624037c8356c2434691c3bb39a800dbadfb24b958f35658a503ebc22599d

  • SSDEEP

    393216:Fm9EvdSYwu8mATh3qfs0eXIM/mKDz0c+xxoG3uuBt8VN0AfbDlITDdpjIIfq5+:Fm4NJATh3oeXXJ0REG+uBtfgqVpjIIfD

Score
10/10
rmsdiscoveryrattrojanupx

Malware Config

Targets

    • Target

      2d84bb5d8d9e13ba352212cb64a3d7a3.exe

    • Size

      22.4MB

    • MD5

      2d84bb5d8d9e13ba352212cb64a3d7a3

    • SHA1

      7d8607042fd26b12d32e3509ce81eedbfe9e3b36

    • SHA256

      69868a1882f9a02e5c5b32858e8f3cbdc74a648413242db3913a2737efcc0775

    • SHA512

      321c4c05ef43851dff450e47c61d278ddf39930f1255f83a7ec86a606551f5125955624037c8356c2434691c3bb39a800dbadfb24b958f35658a503ebc22599d

    • SSDEEP

      393216:Fm9EvdSYwu8mATh3qfs0eXIM/mKDz0c+xxoG3uuBt8VN0AfbDlITDdpjIIfq5+:Fm4NJATh3oeXXJ0REG+uBtfgqVpjIIfD

    Score
    10/10
    rmsdiscoveryrattrojanupx

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

      trojanratrms

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks