General

  • Target

    93e50513752ec7431a1e1a5a50fbaf66d1dabebb00753fb40c5ea3cb74f797ca

  • Size

    6.1MB

  • Sample

    220415-h2lfmabbek

  • MD5

    482e2fa27a9d4ed483feedcc72ce3b48

  • SHA1

    2fd62a89e0495211eab4b3aaac68b88498f3c0a9

  • SHA256

    93e50513752ec7431a1e1a5a50fbaf66d1dabebb00753fb40c5ea3cb74f797ca

  • SHA512

    35582b0cd5557f9bd38898fa87f4f46411dbfbee4390c23fcec2ff55ad9ae5f3d33e6c14222e0a5753e295fb80fb5da906d9123d866820db6c21c2f24774fa82

Score
10/10

Targets

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL
