General
-
Target
7af9378762710bb5e1f2090b98e0a515f8680321874262b9834421f7b9b556a9
-
Size
4.5MB
-
Sample
220725-djsd1acac8
-
MD5
12f5f001ec2ef7421599f8415f9d2db0
-
SHA1
5a7776eb5cb8d3d6c14d9ecbf8157f4df3b4e964
-
SHA256
7af9378762710bb5e1f2090b98e0a515f8680321874262b9834421f7b9b556a9
-
SHA512
60eff2d80b7d41f79dc2bb7d8d8430eaf77f87408910f6e4108ec4a219061d3d40f52a855ca59a48f905fcb9c13266c68158130ed0d994732cd5ddf39a6b2c45
Malware Config
Targets
-
-
Target
7af9378762710bb5e1f2090b98e0a515f8680321874262b9834421f7b9b556a9
-
Size
4.5MB
-
MD5
12f5f001ec2ef7421599f8415f9d2db0
-
SHA1
5a7776eb5cb8d3d6c14d9ecbf8157f4df3b4e964
-
SHA256
7af9378762710bb5e1f2090b98e0a515f8680321874262b9834421f7b9b556a9
-
SHA512
60eff2d80b7d41f79dc2bb7d8d8430eaf77f87408910f6e4108ec4a219061d3d40f52a855ca59a48f905fcb9c13266c68158130ed0d994732cd5ddf39a6b2c45
Score10/10-
RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Executes dropped EXE
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-