General

  • Target

    976201ccca842e43bec53d8cdc669c832097ae9f36bb6e22e8c1891a62b59c21

  • Size

    5.0MB

  • Sample

    220415-cf29csbgc2

  • MD5

    6307ece1cd4ec151647169166c34d6e6

  • SHA1

    019809841729aee6997979a9b062aec243f94c5b

  • SHA256

    976201ccca842e43bec53d8cdc669c832097ae9f36bb6e22e8c1891a62b59c21

  • SHA512

    5a8e7b75ec41d24ed6e4232c3b47c7e458e078ebc37edbb124a004ec9845e81ee4c831fe61448e6093866f5c568545a6522533cf9b6a4f25d4b42756d5d1f046

Malware Config

Targets

    • Target

      976201ccca842e43bec53d8cdc669c832097ae9f36bb6e22e8c1891a62b59c21

    • Size

      5.0MB

    • MD5

      6307ece1cd4ec151647169166c34d6e6

    • SHA1

      019809841729aee6997979a9b062aec243f94c5b

    • SHA256

      976201ccca842e43bec53d8cdc669c832097ae9f36bb6e22e8c1891a62b59c21

    • SHA512

      5a8e7b75ec41d24ed6e4232c3b47c7e458e078ebc37edbb124a004ec9845e81ee4c831fe61448e6093866f5c568545a6522533cf9b6a4f25d4b42756d5d1f046

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Stops running service(s)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks