General

  • Target

    a73257c612eff6dce25c2667b0e16a692a5c7e45459e82357bdb53afcc77e92f

  • Size

    3.9MB

  • Sample

    220128-xsxvmabbal

  • MD5

    cad2fa1b6a902fe846e7fa3b813368ee

  • SHA1

    72374b35acabea5666f9609e07a691ebe7d97211

  • SHA256

    a73257c612eff6dce25c2667b0e16a692a5c7e45459e82357bdb53afcc77e92f

  • SHA512

    0bf3105364d3b959c3adc22adebe96311da08faf2ecd9e2db18756cfbb6873a51c443df98bc1465095af03c5db913332bdc5b04265676799e823ea13a41ee641
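Before reproducing any of the behaviour listed below, confirm that the file you are holding is the sample this report describes. The following helper is an added example, not part of the original report: it computes the four digests the report lists in one pass and returns the names of any that disagree with the report's values. The digests in `REPORT_HASHES` are copied from the page; the sample itself is not on the page, so the demo at the bottom runs on a constructed stand-in and reports every digest as mismatched.

```python
"""Check whether a local file is the sample described in the sandbox report.

Added example, not part of the original report. REPORT_HASHES is copied
from the page; the stand-in bytes at the bottom are constructed for the
demo and are not the 3.9 MB sample.
"""
import hashlib
from typing import Dict, List

# Digests exactly as listed in the report.
REPORT_HASHES: Dict[str, str] = {
    "md5": "cad2fa1b6a902fe846e7fa3b813368ee",
    "sha1": "72374b35acabea5666f9609e07a691ebe7d97211",
    "sha256": "a73257c612eff6dce25c2667b0e16a692a5c7e45459e82357bdb53afcc77e92f",
    "sha512": "0bf3105364d3b959c3adc22adebe96311da08faf2ecd9e2db18756cfbb6873a51c443df98bc1465095af03c5db913332bdc5b04265676799e823ea13a41ee641",
}

CHUNK = 1 << 20  # 1 MiB; keeps memory flat for multi-megabyte samples


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Compute MD5, SHA1, SHA256 and SHA512 of `data` in a single pass."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    view = memoryview(data)
    for offset in range(0, len(view), CHUNK):
        chunk = view[offset:offset + CHUNK]
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_sample(data: bytes, expected: Dict[str, str]) -> List[str]:
    """Return the names of digests that do NOT match `expected`.

    An empty list means every listed digest matches. Hex case is ignored
    because reports and tools disagree on it.
    """
    actual = digest_bytes(data)
    return [
        name for name, want in expected.items()
        if actual[name].lower() != want.strip().lower()
    ]


def verify_file(path: str, expected: Dict[str, str] = REPORT_HASHES) -> List[str]:
    """Same check for a file on disk, e.g. the downloaded sample."""
    with open(path, "rb") as fh:
        return verify_sample(fh.read(), expected)


if __name__ == "__main__":
    # Constructed stand-in: a few bytes that are obviously not the real sample.
    stand_in = b"MZ\x90\x00 not the real sample"
    print(digest_bytes(stand_in))
    print("digests that disagree with the report:",
          verify_sample(stand_in, REPORT_HASHES))
```

Checking all four digests rather than only MD5 matters here: MD5 and SHA1 collisions are practical, so a file that matches only the weaker digest is not proof that it is the reported sample, whereas a SHA256/SHA512 mismatch is conclusive.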

Malware Config

Targets

    • Target

      a73257c612eff6dce25c2667b0e16a692a5c7e45459e82357bdb53afcc77e92f


    Score
    10/10
    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • UAC bypass

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check that decides whether to run on the current machine.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks