General
-
Target
151da688aa59bda8a48941559f15d6b61e11d4d62f7af1537ac5bc149fb4a083
-
Size
6.2MB
-
Sample
220708-ka9p9ahbgm
-
MD5
474fd12f9e7e6321528226b0c5c7a555
-
SHA1
328b8face61784a1e39718c8426b8a3195cda41d
-
SHA256
151da688aa59bda8a48941559f15d6b61e11d4d62f7af1537ac5bc149fb4a083
-
SHA512
5b87863ab34dd62cb246df734e36c0261420fc352ebad7c7dd83419cf3d8c2e9d0bd19b071c42262f9c821c8fb05aa28b127b73136e12fc534450c1d5fd55a50
Malware Config
Targets
-
-
Target
151da688aa59bda8a48941559f15d6b61e11d4d62f7af1537ac5bc149fb4a083
-
Size
6.2MB
-
MD5
474fd12f9e7e6321528226b0c5c7a555
-
SHA1
328b8face61784a1e39718c8426b8a3195cda41d
-
SHA256
151da688aa59bda8a48941559f15d6b61e11d4d62f7af1537ac5bc149fb4a083
-
SHA512
5b87863ab34dd62cb246df734e36c0261420fc352ebad7c7dd83419cf3d8c2e9d0bd19b071c42262f9c821c8fb05aa28b127b73136e12fc534450c1d5fd55a50
Score10/10-
Modifies WinLogon for persistence
-
RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-