General

  • Target

    61f4cffbaf458455c6a2b535ab122054dfbf9bbe38ffc901628d6dcf59565826

  • Size

    6.1MB

  • Sample

    220415-ebx5yscbhk

  • MD5

    791aaa29203972c86c9fe34f404001ea

  • SHA1

    289ae7d7bc3f38dd4486926309c65937d0730829

  • SHA256

    61f4cffbaf458455c6a2b535ab122054dfbf9bbe38ffc901628d6dcf59565826

  • SHA512

    5202e11fd10fdcce03b4279660ef4c65f1df3d3be850a95401fd358e6b269a0716f026d453fdf7cb31045a1b35a183528a3b4743a76766d98387cad10c60904d

Score
10/10

Malware Config

Targets

    • Target

      61f4cffbaf458455c6a2b535ab122054dfbf9bbe38ffc901628d6dcf59565826

    • Size

      6.1MB

    • MD5

      791aaa29203972c86c9fe34f404001ea

    • SHA1

      289ae7d7bc3f38dd4486926309c65937d0730829

    • SHA256

      61f4cffbaf458455c6a2b535ab122054dfbf9bbe38ffc901628d6dcf59565826

    • SHA512

      5202e11fd10fdcce03b4279660ef4c65f1df3d3be850a95401fd358e6b269a0716f026d453fdf7cb31045a1b35a183528a3b4743a76766d98387cad10c60904d

    Score

    10/10

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks