General
-
Target
5a0746efe225da2d41bd802670ef63d55a598fcdf12275283532144df6b7a1bb
-
Size
3.9MB
-
Sample
220724-cjex8sbafq
-
MD5
147e30ac09fe0df9eb498dd832b55243
-
SHA1
f23823d52b5e50583b05da54f9e49b9786b0377c
-
SHA256
5a0746efe225da2d41bd802670ef63d55a598fcdf12275283532144df6b7a1bb
-
SHA512
96c6bc27e3dce82c6de712501a3116a846f08acc6d0ffe0a0a7ec2c219b715d717038e736e4c7c66e0ae37358590b6e8604881c6e3076e1a087aaf673109bbcd
Malware Config
Targets
-
-
Target
5a0746efe225da2d41bd802670ef63d55a598fcdf12275283532144df6b7a1bb
-
Size
3.9MB
-
MD5
147e30ac09fe0df9eb498dd832b55243
-
SHA1
f23823d52b5e50583b05da54f9e49b9786b0377c
-
SHA256
5a0746efe225da2d41bd802670ef63d55a598fcdf12275283532144df6b7a1bb
-
SHA512
96c6bc27e3dce82c6de712501a3116a846f08acc6d0ffe0a0a7ec2c219b715d717038e736e4c7c66e0ae37358590b6e8604881c6e3076e1a087aaf673109bbcd
Score10/10-
RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-