General
-
Target
94e4d5fcc31fc37aa29b3d042bc2c0295b66592f33730e05e2889a9a69f32f5f.exe
-
Size
16.4MB
-
Sample
220626-wz81ssdhc5
-
MD5
54a57c4a0b4891ad3ea90bdf833beed7
-
SHA1
7c9bf87daa9c7f894dcfdaa19e75808938db9f51
-
SHA256
94e4d5fcc31fc37aa29b3d042bc2c0295b66592f33730e05e2889a9a69f32f5f
-
SHA512
1750105257b095c3c97d2a45a9eede594caebdce4f5c7791c008b782067844ae9519deed0bd5358f87bf9a3d3fa06c543a23a81c9a63bf456e4357546f9b3d18
Malware Config
Targets
-
-
Target
94e4d5fcc31fc37aa29b3d042bc2c0295b66592f33730e05e2889a9a69f32f5f.exe
-
Size
16.4MB
-
MD5
54a57c4a0b4891ad3ea90bdf833beed7
-
SHA1
7c9bf87daa9c7f894dcfdaa19e75808938db9f51
-
SHA256
94e4d5fcc31fc37aa29b3d042bc2c0295b66592f33730e05e2889a9a69f32f5f
-
SHA512
1750105257b095c3c97d2a45a9eede594caebdce4f5c7791c008b782067844ae9519deed0bd5358f87bf9a3d3fa06c543a23a81c9a63bf456e4357546f9b3d18
Score10/10-
RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Drops file in System32 directory
-