General

  • Target

    R.exe

  • Size

    4.0MB

  • Sample

    201222-v6l9frn9zs

  • MD5

    f454674192c23053843a3b493b3d0e7f

  • SHA1

    8cb0d3e35a58ddadfca4dbd87b075058b542092f

  • SHA256

    76de9f8d6f0fcf8c5fb2bafc387c363e138af15cf751d2c2a230ad9cafd6271c

  • SHA512

    655040b6c3a7ad5a61a475db45c34520fdcc296e03b360427c495529a862edb8c74b2b4dcf4a3b590e679c42eab66bc976092d80318407ca4355a2322506336a

Malware Config

Targets

    • Target

      R.exe

    • Size

      4.0MB

    • MD5

      f454674192c23053843a3b493b3d0e7f

    • SHA1

      8cb0d3e35a58ddadfca4dbd87b075058b542092f

    • SHA256

      76de9f8d6f0fcf8c5fb2bafc387c363e138af15cf751d2c2a230ad9cafd6271c

    • SHA512

      655040b6c3a7ad5a61a475db45c34520fdcc296e03b360427c495529a862edb8c74b2b4dcf4a3b590e679c42eab66bc976092d80318407ca4355a2322506336a

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Hidden Files and Directories

2
T1158

Defense Evasion

Hidden Files and Directories

2
T1158

Discovery

Query Registry

1
T1012

Tasks