General

  • Target

    acda7ab12e2fe8ebc06a1daa44a557322d689645fa8cc5ad434694f49c478122.zip

  • Size

    11.9MB

  • Sample

    211125-n7llgafafl

  • MD5

    2ca58ac9930f03223099428d72ebbfed

  • SHA1

    4c91bf86e878079935a19216b2d15ead4c6fd2f8

  • SHA256

    acda7ab12e2fe8ebc06a1daa44a557322d689645fa8cc5ad434694f49c478122

  • SHA512

    f5d4af4fc0bac8f163a6874b3edd1e5c209b57cfd915f49603cc70b4f6aefb75d899d6edc71e845fff2957ef581736e9f8f0cb3eee49d7413af1a0e2840b1e15

Score
10/10

Targets

    • Target

      VMware/Service/vmscore.exe

    • Size

      17.1MB

    • MD5

      4998446e6c16d36185faa040c6ea659a

    • SHA1

      18828e72224bff71730ad7e90952d7d3b0a53293

    • SHA256

      8e63f9781e37269e3c4aea0f6266aa01154dc3491c5154267fda828d41e23abc

    • SHA512

      4db58e144acec3471ba9f007577b6e2f296394c520a02527ed5209563b122938214cc3c201021eb53cea49f681203ecf1c8c37629a678bb15e8d1a7ebed78fde

    Score
    10/10
    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by the Russian organization TektonIT.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops file in System32 directory
