General

  • Target

    81b4c8939929fd7098ebbbed373e56da265398a1f42e9da1dfcc239f1e8f77db

  • Size

    5.3MB

  • Sample

    220502-d6wd6sbdh8

  • MD5

    1dcb867334b4730911d6eb729bce78bf

  • SHA1

    5912be93c7427a40634b8fb9895459092e039662

  • SHA256

    81b4c8939929fd7098ebbbed373e56da265398a1f42e9da1dfcc239f1e8f77db

  • SHA512

    f7e7707d9164861a67d0b5b54ada0e4b6876bc516e002dbba4bd7110465e2f6a3a1652d2c6493fa1b59fdc4f758229f170dddc4cf5ee10ae86b68032f583c893

Malware Config

Targets

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes so that the file is not shown in Explorer and similar tools.

    • Stops running service(s)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks