General
-
Target
34f40cfa2823d88907f8d73c701aba10439b9a8e754cb3b71b026db00833d222
-
Size
4.5MB
-
Sample
220326-yz5pgshad2
-
MD5
aa49af78c5949910f09e3d303f2b7680
-
SHA1
cf9d1787f45ee932791ab0a797a2fc67ecb5eb17
-
SHA256
34f40cfa2823d88907f8d73c701aba10439b9a8e754cb3b71b026db00833d222
-
SHA512
85c0a891667aafb44eca64d978eca2346771095f440880328749fd99ee7000f527a163a8985782a30a845f7dfab43eb66a61619948759508193453ca33ba2205
Malware Config
Targets
-
-
Target
34f40cfa2823d88907f8d73c701aba10439b9a8e754cb3b71b026db00833d222
-
Size
4.5MB
-
MD5
aa49af78c5949910f09e3d303f2b7680
-
SHA1
cf9d1787f45ee932791ab0a797a2fc67ecb5eb17
-
SHA256
34f40cfa2823d88907f8d73c701aba10439b9a8e754cb3b71b026db00833d222
-
SHA512
85c0a891667aafb44eca64d978eca2346771095f440880328749fd99ee7000f527a163a8985782a30a845f7dfab43eb66a61619948759508193453ca33ba2205
Score10/10-
RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Executes dropped EXE
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-