General

  • Target

    1d2e684a62e870e6b0c6794d539502870b9314edd99ce777fde4ded6e103097c

  • Size

    4.5MB

  • Sample

    220420-s886dagbg8

  • MD5

    fd21e5aae8d898331b46b428986ad774

  • SHA1

    4a8f9681e6ad126b9b0860af71021b65ea7e3e17

  • SHA256

    1d2e684a62e870e6b0c6794d539502870b9314edd99ce777fde4ded6e103097c

  • SHA512

    1a5405ff6fbecf4debe3556e1271c0a6b4e097c0f92d63b9bd6bbfc22ecb675ad7a1dd90590a46c43afae309cb33b5b6c2d2d43b4a1788de23941170ab17d371

Malware Config

Targets

    • Target

      1d2e684a62e870e6b0c6794d539502870b9314edd99ce777fde4ded6e103097c

    • Size

      4.5MB

    • MD5

      fd21e5aae8d898331b46b428986ad774

    • SHA1

      4a8f9681e6ad126b9b0860af71021b65ea7e3e17

    • SHA256

      1d2e684a62e870e6b0c6794d539502870b9314edd99ce777fde4ded6e103097c

    • SHA512

      1a5405ff6fbecf4debe3556e1271c0a6b4e097c0f92d63b9bd6bbfc22ecb675ad7a1dd90590a46c43afae309cb33b5b6c2d2d43b4a1788de23941170ab17d371

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks