General
-
Target
a01f2169db8bcc43eac67014315292d5fe7f5dfc08568860c1fa42ce432b2314
-
Size
4.5MB
-
Sample
220525-bn867shghj
-
MD5
a76c2fa50a3be5cbdefbd7c0adf1d3ee
-
SHA1
ffec9b38c6660e872e5f8a0a7057a5e582a94d0a
-
SHA256
a01f2169db8bcc43eac67014315292d5fe7f5dfc08568860c1fa42ce432b2314
-
SHA512
ac88405da8b849157cc195bf4ae4930e28a2bebd4c5bae2ca6c794399dc97605c21503303b2dea32ef86202a8a4ce4871947b12b40415dd4cc0465059b6cf8bf
Malware Config
Targets
-
-
Target
a01f2169db8bcc43eac67014315292d5fe7f5dfc08568860c1fa42ce432b2314
-
Size
4.5MB
-
MD5
a76c2fa50a3be5cbdefbd7c0adf1d3ee
-
SHA1
ffec9b38c6660e872e5f8a0a7057a5e582a94d0a
-
SHA256
a01f2169db8bcc43eac67014315292d5fe7f5dfc08568860c1fa42ce432b2314
-
SHA512
ac88405da8b849157cc195bf4ae4930e28a2bebd4c5bae2ca6c794399dc97605c21503303b2dea32ef86202a8a4ce4871947b12b40415dd4cc0465059b6cf8bf
Score10/10-
RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Executes dropped EXE
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Drops file in System32 directory
-