General

  • Target

    368f1100b8a647f2d758ae34183cfb37f432dced201f52021762f759423ecc5c

  • Size

    4.2MB

  • Sample

    220128-yvv99acchr

  • MD5

    ee1bc99970426e22224961cf5e9c5fda

  • SHA1

    7ba4d127c6cd6b5392870f0272c7045c9932db17

  • SHA256

    368f1100b8a647f2d758ae34183cfb37f432dced201f52021762f759423ecc5c

  • SHA512

    d06cba23f26c4a31f0bbffd81f2500859798254005b74a047db27baa5e2f0fb551e708d17bc6de8bc39eb58eef6a1ec002432376b3e3dc58ccf4130d11ebb39f
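
Before analysing a sample pulled from a feed, confirm that the bytes on disk are the ones this report describes. The following is an added example, not part of the report or of the sandbox's own tooling; it hashes a file with the same four algorithms the report lists, compares against the values copied from the block above, and checks the convention visible here that the target is named by its SHA256 rather than a filename.

```python
"""Verify a local copy of a sample against the digests a sandbox report lists.
Added example; the REPORT values are copied from the report above, everything
else (function names, chunk size) is this example's own choice."""
import hashlib

# Digests as printed in the report (lower-case hex).
REPORT = {
    "target": "368f1100b8a647f2d758ae34183cfb37f432dced201f52021762f759423ecc5c",
    "md5": "ee1bc99970426e22224961cf5e9c5fda",
    "sha1": "7ba4d127c6cd6b5392870f0272c7045c9932db17",
    "sha256": "368f1100b8a647f2d758ae34183cfb37f432dced201f52021762f759423ecc5c",
    "sha512": "d06cba23f26c4a31f0bbffd81f2500859798254005b74a047db27baa5e2f0fb5"
              "51e708d17bc6de8bc39eb58eef6a1ec002432376b3e3dc58ccf4130d11ebb39f",
}
ALGOS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> dict:
    """Return {algo: hexdigest} for an in-memory buffer (used by the tests)."""
    hs = {a: hashlib.new(a) for a in ALGOS}
    for h in hs.values():
        h.update(data)
    return {a: h.hexdigest() for a, h in hs.items()}


def hash_file(path: str, chunk: int = 1 << 20) -> dict:
    """Stream a file through all four hashes at once so a 4.2MB (or 4GB)
    sample is read exactly once."""
    hs = {a: hashlib.new(a) for a in ALGOS}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            for h in hs.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hs.items()}


def mismatches(digests: dict, report: dict) -> list:
    """Names of the algorithms whose digest differs from the report.
    Comparison is case-insensitive because feeds mix upper/lower-case hex."""
    return [a for a in ALGOS
            if a in report and digests[a].lower() != report[a].lower()]


def target_is_sha256(report: dict) -> bool:
    """The report names its target by SHA256 instead of a filename; check that
    the two fields agree before using the name as an identifier elsewhere."""
    return report["target"].lower() == report["sha256"].lower()


if __name__ == "__main__":
    import sys
    digests = hash_file(sys.argv[1])
    bad = mismatches(digests, REPORT)
    print("OK, file matches the report" if not bad else f"MISMATCH on {bad}")
```

Run as `python verify.py <sample>`; any algorithm listed in the output means the local file is not the one the sandbox executed, and the behavioural findings below should not be attributed to it.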

Score
10/10

Targets

    • Target

      368f1100b8a647f2d758ae34183cfb37f432dced201f52021762f759423ecc5c

    • Size

      4.2MB

    • MD5

      ee1bc99970426e22224961cf5e9c5fda

    • SHA1

      7ba4d127c6cd6b5392870f0272c7045c9932db17

    • SHA256

      368f1100b8a647f2d758ae34183cfb37f432dced201f52021762f759423ecc5c

    • SHA512

      d06cba23f26c4a31f0bbffd81f2500859798254005b74a047db27baa5e2f0fb551e708d17bc6de8bc39eb58eef6a1ec002432376b3e3dc58ccf4130d11ebb39f

    Score
    10/10
    • RMS

      Remote Manipulator System (RMS, sold internationally as Remote Utilities) is a commercial remote-administration tool developed by the Russian company TektonIT. The tool itself is legitimate software, so this signature identifies the software, not the intent; read it together with the behavioural signatures below.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext (commonly seen when a process is started suspended, its image replaced, and its entry point redirected before it is resumed)
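
The four behavioural signatures above are derived from the sandbox's API-call trace. The following is an added example, not the sandbox's own rules, that re-creates the logic of those four signatures over a constructed trace: it tracks files the sample writes, then flags writes into System32, execution of a written `.exe`, loading of a written `.dll`, and a SetThreadContext call aimed at a thread in another process. The event format, paths and process IDs are all invented for the example.

```python
"""Toy re-implementation of four behavioural sandbox signatures.
Added example; the trace, event schema and thresholds are constructed and
are not the report's data or the sandbox's rule set."""
import ntpath

SYSTEM32 = r"c:\windows\system32"

# Constructed API-call trace: one record per hooked call, in time order.
TRACE = [
    {"pid": 1000, "api": "NtCreateFile", "write": True,
     "path": r"C:\Users\Admin\AppData\Local\Temp\payload.exe"},
    {"pid": 1000, "api": "NtCreateFile", "write": True,
     "path": r"C:\Windows\System32\helper.dll"},
    {"pid": 1000, "api": "NtCreateFile", "write": False,        # read only
     "path": r"C:\Windows\System32\drivers\etc\hosts"},
    {"pid": 1000, "api": "CreateProcessW", "child_pid": 1200,
     "image": r"C:\Users\Admin\AppData\Local\Temp\payload.exe"},
    {"pid": 1200, "api": "LoadLibraryW",
     "path": r"C:\Windows\System32\helper.dll"},
    {"pid": 1000, "api": "SetThreadContext", "target_pid": 1200},  # cross-process
    {"pid": 1200, "api": "SetThreadContext", "target_pid": 1200},  # own thread
]

SIGNATURES = (
    "Drops file in System32 directory",
    "Executes dropped EXE",
    "Loads dropped DLL",
    "Suspicious use of SetThreadContext",
)


def norm(path: str) -> str:
    """Canonicalise a Windows path so comparisons ignore case and '..'."""
    return ntpath.normpath(path).lower()


def evaluate(trace: list) -> dict:
    """Return {signature name: [evidence, ...]} for every signature that fired."""
    dropped = set()                      # paths the monitored processes wrote
    hits = {name: [] for name in SIGNATURES}
    for ev in trace:
        api = ev["api"]
        if api == "NtCreateFile" and ev.get("write"):
            p = norm(ev["path"])
            dropped.add(p)
            if p.startswith(SYSTEM32 + "\\"):
                hits["Drops file in System32 directory"].append(p)
        elif api == "CreateProcessW":
            p = norm(ev["image"])
            if p in dropped and p.endswith(".exe"):
                hits["Executes dropped EXE"].append(p)
        elif api == "LoadLibraryW":
            p = norm(ev["path"])
            if p in dropped and p.endswith(".dll"):
                hits["Loads dropped DLL"].append(p)
        elif api == "SetThreadContext" and ev["target_pid"] != ev["pid"]:
            # Heuristic chosen for this example: rewriting a thread context in
            # another process is the hollowing/injection pattern; a process
            # touching its own threads (e.g. exception handling) is ignored.
            hits["Suspicious use of SetThreadContext"].append((ev["pid"], ev["target_pid"]))
    return {name: ev for name, ev in hits.items() if ev}


if __name__ == "__main__":
    for name, evidence in evaluate(TRACE).items():
        print(f"{name}: {evidence}")
```

The "dropped" set is what ties the signatures together: an `.exe` executed from a user-writable directory is only interesting when the sample itself wrote it, and the read-only open of `hosts` under System32 correctly does not fire the drop signature.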

MITRE ATT&CK Enterprise v6