General

  • Target

    3cc9e7d200d5e06142cf837f60b87d99b25d188c7cb52ab0bbdbe9090b7aeaea

  • Size

    5.5MB

  • Sample

    220415-gqyq5sghgq

  • MD5

    cc9c6aee7ceaf6e332f4baa7347c0195

  • SHA1

    ead3f94f0647f6cffc0399657e0fd1b0e665a8dd

  • SHA256

    3cc9e7d200d5e06142cf837f60b87d99b25d188c7cb52ab0bbdbe9090b7aeaea

  • SHA512

    cf18e6477fd61852a2a1b44d0d1f40ed5839b107da331e11166ac976482cddf79462fd6cf1e354cf8cccb04e4c9374cbe4b5e97b21e79379cd5f1d2978fa3e5c

Score
10/10

Malware Config

Targets

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by the Russian organization TektonIT.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks