General
-
Target
8f114509f049f792d2e39ace4fc95be51e1a5a3b2995de11093810076db4240f
-
Size
4.0MB
-
Sample
220207-xv1pasfhcr
-
MD5
c0b25d69677a37dd6e3c3da1648df172
-
SHA1
898be29187672e6d5b4d5c7096436d1d5ffc932d
-
SHA256
8f114509f049f792d2e39ace4fc95be51e1a5a3b2995de11093810076db4240f
-
SHA512
56f87ffd550bc2e940c70ede56e27f357a31e00638d944d7f54ae7f9946e81c74d1ee80cc93343eab71044085e38224d7f2baa884a7ab36051c491277b5c48e7
Malware Config
Targets
-
-
Target
8f114509f049f792d2e39ace4fc95be51e1a5a3b2995de11093810076db4240f
-
Size
4.0MB
-
MD5
c0b25d69677a37dd6e3c3da1648df172
-
SHA1
898be29187672e6d5b4d5c7096436d1d5ffc932d
-
SHA256
8f114509f049f792d2e39ace4fc95be51e1a5a3b2995de11093810076db4240f
-
SHA512
56f87ffd550bc2e940c70ede56e27f357a31e00638d944d7f54ae7f9946e81c74d1ee80cc93343eab71044085e38224d7f2baa884a7ab36051c491277b5c48e7
Score10/10-
RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Executes dropped EXE
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-