General
-
Target
ad05b010a36712d9b0c8a98b5c1e77158860f747e22ffa28e9813597f8ab354d
-
Size
4.5MB
-
Sample
220725-aglxnaehbr
-
MD5
c4e49b826171b476482ca2aa0d3cd2ae
-
SHA1
771c1518801dbe402895dcfcc63400cc34dbb967
-
SHA256
ad05b010a36712d9b0c8a98b5c1e77158860f747e22ffa28e9813597f8ab354d
-
SHA512
81f2ccb7379f519221ab1e894ab668fa926702681ad0a448e5933a93ed1d3a9515da395017e90f93f124465fbfa87d84a6288455c008b7e4e561603f83e228d8
Malware Config
Targets
-
-
Target
ad05b010a36712d9b0c8a98b5c1e77158860f747e22ffa28e9813597f8ab354d
-
Size
4.5MB
-
MD5
c4e49b826171b476482ca2aa0d3cd2ae
-
SHA1
771c1518801dbe402895dcfcc63400cc34dbb967
-
SHA256
ad05b010a36712d9b0c8a98b5c1e77158860f747e22ffa28e9813597f8ab354d
-
SHA512
81f2ccb7379f519221ab1e894ab668fa926702681ad0a448e5933a93ed1d3a9515da395017e90f93f124465fbfa87d84a6288455c008b7e4e561603f83e228d8
Score10/10-
RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Executes dropped EXE
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-