General

  • Target

    80fb8a3b1fda0a1483e87e749c7a2f2a9c9fdaf6c3d581668baba723b9e2a920

  • Size

    5.3MB

  • Sample

    220128-17qlmsfda9

  • MD5

    d96f7d875790ba3d5c6c16082f9463c3

  • SHA1

    15ec88015fb554302db131258c8c11c9e46209d4

  • SHA256

    80fb8a3b1fda0a1483e87e749c7a2f2a9c9fdaf6c3d581668baba723b9e2a920

  • SHA512

    eee85218b5da3f67cdc2b12fdd4f80f9e237607948765538f69293f2f9d02db4ff4c03f9dcc4f147014de1512dd49f04eb0ae0f86380b75be96bc2dc830bf3e3

Score
10/10

Malware Config

Targets

    • RMS

      Remote Manipulator System (RMS) is a commercial remote access tool developed by the Russian company TektonIT. The tool itself is legitimate administration software, but it is frequently installed silently by malware droppers to hand an attacker remote control of the host, so its presence in a sample that arrives this way is treated as malicious.

    • Executes dropped EXE

      The sample wrote an executable to disk during the run and then launched it.

    • Loads dropped DLL

      The sample loaded a DLL that it had itself written to disk.

    • Drops file in System32 directory

      Files were written under the Windows System32 directory, which requires elevated privileges and is typical of malware seeking persistence or trying to blend in with system files.

    • Suspicious use of SetThreadContext

      The sandbox flagged a call to SetThreadContext. Ordinary applications rarely modify another thread's register state; the call is a core step of process hollowing and related code-injection techniques, where a suspended thread's instruction pointer is redirected to attacker-supplied code.

    • autoit_exe

      AutoIt scripts compiled to PE executables. A compiled AutoIt binary is the AutoIt interpreter with the script embedded in it, so the original script can usually be recovered with a decompiler, which is the quickest way to see what this dropper actually does.
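The signatures above identify the sample as a compiled AutoIt executable, and the report gives its hashes. The following Python helper is an added example, not part of the report or of any sandbox vendor's code: it lets a practitioner with a copy of the sample first confirm the file is the one the report describes (hash check against the values listed above) and then look for the two static markers of a compiled AutoIt v3 script, the 16-byte header followed by the "AU3!EA06" tag (older builds use "AU3!EA05") and the interpreter's banner string. The marker constants come from the publicly documented AutoIt format; DEMO_BLOB is a constructed stand-in for demonstration and is not the real sample.

```python
import hashlib
import sys

# Hashes listed in the report above; the sample file itself is not included here.
REPORTED = {
    "md5": "d96f7d875790ba3d5c6c16082f9463c3",
    "sha1": "15ec88015fb554302db131258c8c11c9e46209d4",
    "sha256": "80fb8a3b1fda0a1483e87e749c7a2f2a9c9fdaf6c3d581668baba723b9e2a920",
    "sha512": "eee85218b5da3f67cdc2b12fdd4f80f9e237607948765538f69293f2f9d02db4"
              "ff4c03f9dcc4f147014de1512dd49f04eb0ae0f86380b75be96bc2dc830bf3e3",
}

# Compiled AutoIt v3 scripts embed the script blob behind this 16-byte marker,
# immediately followed by the "AU3!EA06" tag ("AU3!EA05" in very old releases).
AU3_MAGIC = bytes.fromhex("a3484bbe986c4aa9994c530a86d6487d")
AU3_TAGS = (b"AU3!EA06", b"AU3!EA05")
# Banner string carried by the AutoIt interpreter stub of compiled scripts.
AU3_BANNER = b"This is a third-party compiled AutoIt script."


def file_hashes(data):
    """Hex digests of the four algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def verify_hashes(data, reported):
    """Names of reported hashes that do NOT match; an empty list means this is the reported sample."""
    computed = file_hashes(data)
    return sorted(name for name, value in reported.items()
                  if computed[name] != value.lower())


def autoit_markers(data):
    """Static check for a compiled AutoIt v3 script inside a PE image."""
    is_pe = data[:2] == b"MZ"
    offset = data.find(AU3_MAGIC)
    tag = None
    if offset != -1:
        for candidate in AU3_TAGS:
            if data.startswith(candidate, offset + len(AU3_MAGIC)):
                tag = candidate.decode()
    return {
        "is_pe": is_pe,
        "au3_script_offset": offset if tag else None,   # where a decompiler would start
        "au3_tag": tag,
        "banner": AU3_BANNER in data,                   # weaker corroborating indicator
        "autoit_compiled": is_pe and tag is not None,
    }


def triage(path, reported=REPORTED):
    """Read a file and combine the hash verification with the AutoIt marker check."""
    with open(path, "rb") as f:
        data = f.read()
    result = {"size": len(data), "hash_mismatches": verify_hashes(data, reported)}
    result.update(autoit_markers(data))
    return result


# Constructed demo blob (NOT the real sample): fake MZ/PE header plus the AU3 markers.
DEMO_BLOB = (b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"\x90" * 100
             + AU3_BANNER + b"\x00" * 16 + AU3_MAGIC + b"AU3!EA06" + b"\x00" * 32)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(triage(sys.argv[1]))      # run against a local copy of the sample
    else:
        print(autoit_markers(DEMO_BLOB))
```

Run it with the sample path as the only argument; a non-empty hash_mismatches list means you are looking at a different file than the one scored here, and a populated au3_script_offset is the point a decompiler should start from to recover the dropper's script.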

MITRE ATT&CK Enterprise v6