General

  • Target

    5762F57BDB828CA779ACFDDE7B4C986F2562696C87EDF.exe

  • Size

    16.9MB

  • Sample

    220427-abg2hsafhl

  • MD5

    09958baceb3f9d9e783b7dd9afb8848e

  • SHA1

    a8fa4cd44b887af47d2963a0362efc91395a498f

  • SHA256

    5762f57bdb828ca779acfdde7b4c986f2562696c87edf9b26f2985df9c287749

  • SHA512

    3a5dace41fc7c231be0644cffdae20daea451e89fbba59eb9243aa437d6cd8ca0d0285d36cc31f26d3e81fd2197001a3623a5e35d8f98c1c3a76dbd80c4ab3f5

Score
10/10

Malware Config

Targets

    • Target

      5762F57BDB828CA779ACFDDE7B4C986F2562696C87EDF.exe

    Score
    10/10
    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by the Russian organization TektonIT.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, probably as a geofence check.

    • Loads dropped DLL

    • Drops file in System32 directory
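
As an added illustration of what the behaviour signatures above are matching, the Python below models each of them as a rule over a simplified, constructed event trace. This is example code written for this page, not the sandbox's own rule logic; the event format, process IDs, file names and paths are all invented, and only the signature names and the `HKCU\Control Panel\International\Geo\Nation` registry value come from what the report and Windows itself define.

```python
"""Toy rule engine for the behaviour signatures listed in the report.

The event format, process IDs, file names and paths below are constructed for
this example; they are not taken from the sandbox run and the rules are not
the sandbox's own logic.
"""
from collections import defaultdict
from dataclasses import dataclass

SYSTEM32 = r"C:\Windows\System32"
# Windows stores the user's configured location as a numeric GEOID here.
GEO_KEY = r"HKCU\Control Panel\International\Geo"
GEO_VALUE = "Nation"


@dataclass
class Event:
    kind: str           # PROCESS_CREATE, FILE_CREATE, IMAGE_LOAD, REG_QUERY
    pid: int            # process performing the action
    path: str           # child image, created file, loaded image or registry key
    extra: str = ""     # PROCESS_CREATE: declared parent image; REG_QUERY: value name
    child_pid: int = 0  # PROCESS_CREATE only


def _norm(path: str) -> str:
    return path.lower().rstrip("\\")


def is_under(path: str, directory: str) -> bool:
    """True if path lies inside directory. The trailing separator makes the
    match component-wise, so a sibling directory whose name merely starts
    with System32 does not count."""
    return _norm(path).startswith(_norm(directory) + "\\")


def evaluate(trace, images=None):
    """Run the rules over an ordered event trace.

    images maps pid -> image path for processes that already exist when the
    trace starts. Returns {signature name: [matching artefacts]}.
    """
    images = dict(images or {})
    dropped = set()  # files written by any process in the trace
    hits = defaultdict(list)

    for ev in trace:
        if ev.kind == "FILE_CREATE":
            dropped.add(_norm(ev.path))
            if is_under(ev.path, SYSTEM32):
                hits["Drops file in System32 directory"].append(ev.path)

        elif ev.kind == "PROCESS_CREATE":
            # PPID spoofing: the process calling the API is not the parent
            # the new process will report.
            creator = images.get(ev.pid, "")
            if ev.extra and _norm(creator) != _norm(ev.extra):
                hits["Suspicious use of NtCreateUserProcessOtherParentProcess"].append(
                    f"{creator} created {ev.path} claiming parent {ev.extra}")
            if _norm(ev.path) in dropped:
                hits["Executes dropped EXE"].append(ev.path)
            images[ev.child_pid] = ev.path

        elif ev.kind == "IMAGE_LOAD":
            if _norm(ev.path) in dropped and _norm(ev.path).endswith(".dll"):
                hits["Loads dropped DLL"].append(ev.path)

        elif ev.kind == "REG_QUERY":
            if _norm(ev.path) == _norm(GEO_KEY) and ev.extra.lower() == GEO_VALUE.lower():
                hits["Checks computer location settings"].append(ev.path + "\\" + ev.extra)

    return dict(hits)


# Constructed trace (hypothetical names and PIDs, not from the sandbox run).
SAMPLE = r"C:\Users\user\Desktop\sample.exe"
EXPLORER = r"C:\Windows\explorer.exe"
DROPPED_EXE = r"C:\Windows\System32\dropped_svc.exe"
DROPPED_DLL = r"C:\Users\user\AppData\Local\Temp\helper.dll"

CONSTRUCTED_TRACE = [
    Event("PROCESS_CREATE", 4, SAMPLE, EXPLORER, child_pid=1000),  # user launches sample
    Event("REG_QUERY", 1000, GEO_KEY, GEO_VALUE),                    # geofence lookup
    Event("FILE_CREATE", 1000, DROPPED_EXE),
    Event("FILE_CREATE", 1000, DROPPED_DLL),
    Event("FILE_CREATE", 1000, r"C:\Windows\System32Extra\lookalike.exe"),  # must not match
    Event("PROCESS_CREATE", 1000, DROPPED_EXE, EXPLORER, child_pid=2000),   # spoofed parent
    Event("IMAGE_LOAD", 2000, DROPPED_DLL),
    Event("IMAGE_LOAD", 2000, r"C:\Windows\System32\kernel32.dll"),         # benign load
]
PREEXISTING = {4: EXPLORER}

if __name__ == "__main__":
    for name, artefacts in evaluate(CONSTRUCTED_TRACE, PREEXISTING).items():
        print(name)
        for artefact in artefacts:
            print("   ", artefact)
```

Two of these rules need an API-level trace of the kind a sandbox hook produces rather than ordinary endpoint telemetry: Sysmon records registry value creation, modification and deletion but not reads, so the geofence lookup is invisible to it, and a plain parent/child process log records the parent the child declares, not the process that actually made the call, which is the mismatch the `NtCreateUserProcessOtherParentProcess` signature is built on.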

MITRE ATT&CK Enterprise v6

Tasks