General
-
Target
056579c8cdda74bbeb5a9092b59a65c87bb5786dd42de1df085f26b547583d78
-
Size
4.5MB
-
Sample
220520-ptre8sbga4
-
MD5
e584b788e0df44f41ffc98f116f89847
-
SHA1
d55f6ffbc8fc76e34d8e5e7c6878edeffb05560f
-
SHA256
056579c8cdda74bbeb5a9092b59a65c87bb5786dd42de1df085f26b547583d78
-
SHA512
2cd89f177dfa048f4ae11a9bd9436d4135dd34ca2f62f84b83d6dda68ce30857bac0384945704b900142b47edb80db0ba610dab3d238251176932a77ac9d9963
Malware Config
Targets
-
-
Target
056579c8cdda74bbeb5a9092b59a65c87bb5786dd42de1df085f26b547583d78
-
Size
4.5MB
-
MD5
e584b788e0df44f41ffc98f116f89847
-
SHA1
d55f6ffbc8fc76e34d8e5e7c6878edeffb05560f
-
SHA256
056579c8cdda74bbeb5a9092b59a65c87bb5786dd42de1df085f26b547583d78
-
SHA512
2cd89f177dfa048f4ae11a9bd9436d4135dd34ca2f62f84b83d6dda68ce30857bac0384945704b900142b47edb80db0ba610dab3d238251176932a77ac9d9963
Score10/10-
RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Executes dropped EXE
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-