Overview

overview

10

Static

static

5

8c4a21abb7...59.exe

windows7-x64

10

8c4a21abb7...59.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    79b940cedb20098990864f8f0a60372f.bin

  • Size

    15.9MB

  • Sample

    241014-lj277stakf

  • MD5

    0e270edd86a39a41090f23cc719f8618

  • SHA1

    87680dd9ad50dd605bb277b8fdce7a1de4548ecb

  • SHA256

    1dc50c8e0ac6fda0126ac5fa44745d0eab3042d7a6f33ef0edbdf9ed670a8379

  • SHA512

    28b02efc09d0208ac2108cfd8c52f5478e7108b6a42592ad9f0fe8c5b37729538432c3419fcfcd0d1060e9feb37a3b0246cdce26dfcfec43122e31cbcfd62369

  • SSDEEP

    393216:AIENKgdOGvVE1RO7IFCYIm+C1nCGeE3/RyOGfLyt:AIEmGvVE1RLCYI+CGNRVGjyt

Score
10/10
rmsdiscoveryrattrojanupx

Malware Config

Targets

    • Target

      8c4a21abb710c7461e914ffaac2e0e0bd9f787ecea09c40eb6fcebee6c0b7459.exe

    • Size

      16.4MB

    • MD5

      79b940cedb20098990864f8f0a60372f

    • SHA1

      b763fd1a3f54bcdaacd7ab6b51387e49834225a7

    • SHA256

      8c4a21abb710c7461e914ffaac2e0e0bd9f787ecea09c40eb6fcebee6c0b7459

    • SHA512

      e0ae344de6303b75c9c880a5d897d305f1e6ab3e3588ddf3f6ba21e1a229ad2b72765667fb6ce11be0c66f55fda942ea395f6970d4f0c23f90a9cdb6cdc601bd

    • SSDEEP

      393216:DfdMgv/raPXH/rv6VxoaPDpZwoCoOEjDl+6:DFMg3sXfWVxowl+oCoOz6

    Score
    10/10
    rmsdiscoveryrattrojanupx

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

      trojanratrms

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks