General

  • Target

    6f739d47289850c7a57d4216497900f82d5c361630adace4f879e9e09582f2d1

  • Size

    4.4MB

  • Sample

    220502-xhg2esgbem

  • MD5

    2d964916b664386abe7561039b62231f

  • SHA1

    c72b18c84ffc1cb5a8e9b7a876aa4830bff6e7cc

  • SHA256

    6f739d47289850c7a57d4216497900f82d5c361630adace4f879e9e09582f2d1

  • SHA512

    0c18454815efe42302de19d8c1f35b5e54a3ce2f5359f4bcce4f295f88bb823c61fd31edcc95cc1a78a8f08c3460508aaaefeed880fa5f5d06026900ded0f709

Score
10/10

Malware Config

Targets

    • Target

      6f739d47289850c7a57d4216497900f82d5c361630adace4f879e9e09582f2d1

    • Size

      4.4MB

    • MD5

      2d964916b664386abe7561039b62231f

    • SHA1

      c72b18c84ffc1cb5a8e9b7a876aa4830bff6e7cc

    • SHA256

      6f739d47289850c7a57d4216497900f82d5c361630adace4f879e9e09582f2d1

    • SHA512

      0c18454815efe42302de19d8c1f35b5e54a3ce2f5359f4bcce4f295f88bb823c61fd31edcc95cc1a78a8f08c3460508aaaefeed880fa5f5d06026900ded0f709

    Score
    10/10
    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks