General

  • Target

    0e972efe20db99cff2af7f8d6bbc029e6c107e849045c5c5209f8f0308c8a4a8

  • Size

    6.7MB

  • Sample

    220415-h6kd5aecd7

  • MD5

    e6b419a2fe8d87b653ea859abe63d7a3

  • SHA1

    5d41fe1c4cd9fea2ebd7f0488f21e9b003583729

  • SHA256

    0e972efe20db99cff2af7f8d6bbc029e6c107e849045c5c5209f8f0308c8a4a8

  • SHA512

    c376827d4eaca02e806ab8c2a844db75cb944ff65c633c37d4c5f8c7bf5ae5cee671a124e46653501970bb2456155a9f47972f153838ee91a3463365a7e8aa00

Score
10/10

Malware Config

Targets

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks