General
-
Target
dac68e2f9df041aacd69b3f29a37c5d2de0c38638772b9ab973d0f242febc4c8
-
Size
16.3MB
-
Sample
220309-e4vkjaddh4
-
MD5
e43ee6c5054feb07a7ff7d218e50b5f4
-
SHA1
349856aaa3a026768369e0d0a113ffa2287c2852
-
SHA256
dac68e2f9df041aacd69b3f29a37c5d2de0c38638772b9ab973d0f242febc4c8
-
SHA512
8f43cb072fe37eb859d9f4b019dd45d441b3f9421a8d931c1d6e4d76c1f81eda56bfc8d70996b3dab4e5d54e6cb978943e9f5643b0ffe90e4a98ed9798d5de46
Malware Config
Targets
-
-
Target
dac68e2f9df041aacd69b3f29a37c5d2de0c38638772b9ab973d0f242febc4c8
-
Size
16.3MB
-
MD5
e43ee6c5054feb07a7ff7d218e50b5f4
-
SHA1
349856aaa3a026768369e0d0a113ffa2287c2852
-
SHA256
dac68e2f9df041aacd69b3f29a37c5d2de0c38638772b9ab973d0f242febc4c8
-
SHA512
8f43cb072fe37eb859d9f4b019dd45d441b3f9421a8d931c1d6e4d76c1f81eda56bfc8d70996b3dab4e5d54e6cb978943e9f5643b0ffe90e4a98ed9798d5de46
Score10/10-
RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
-
UAC bypass
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Stops running service(s)
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-