General
-
Target
7cc245b682225236b893fb978b655d972c9b5a394d6e0887e1c84f38de30eb10
-
Size
4.5MB
-
Sample
220725-fp3g9sfhfr
-
MD5
48da31754d391baf1e24682709fbd3af
-
SHA1
ab1d4cd09f203e2581d5cccc0952979e2501dc2d
-
SHA256
7cc245b682225236b893fb978b655d972c9b5a394d6e0887e1c84f38de30eb10
-
SHA512
cf671024ab36cd6f4220a1c0fa8846de9c2d677dff6b0b7a57fa3eace7bad2ed47bcd5cb0dbf1a8242794bf24ddad9bd3e0a49f4673d0a82ee702122fdf5c2eb
Malware Config
Targets
-
-
Target
7cc245b682225236b893fb978b655d972c9b5a394d6e0887e1c84f38de30eb10
-
Size
4.5MB
-
MD5
48da31754d391baf1e24682709fbd3af
-
SHA1
ab1d4cd09f203e2581d5cccc0952979e2501dc2d
-
SHA256
7cc245b682225236b893fb978b655d972c9b5a394d6e0887e1c84f38de30eb10
-
SHA512
cf671024ab36cd6f4220a1c0fa8846de9c2d677dff6b0b7a57fa3eace7bad2ed47bcd5cb0dbf1a8242794bf24ddad9bd3e0a49f4673d0a82ee702122fdf5c2eb
Score10/10-
RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Executes dropped EXE
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-