General
-
Target
5ca050af396a615d9f342b12ad4cb5ca1413b8ae8687bfd8f80bf83a859479bb
-
Size
13.8MB
-
Sample
220801-ghrmvsddhp
-
MD5
7092d2964964ec02188ecf9f07aefc88
-
SHA1
e87994b619b5139e20b14db2a8b2d0a41e36a6e2
-
SHA256
5ca050af396a615d9f342b12ad4cb5ca1413b8ae8687bfd8f80bf83a859479bb
-
SHA512
6da77c955071b7f1a430ce4f559ee655658fdd1392c9136a9359a62e6270d0b1f2bfe616173911ae0cdb331200fa204dce63c5df16db08b6e03a41f9c3215a6c
Static task
static1
Behavioral task
behavioral1
Sample
5ca050af396a615d9f342b12ad4cb5ca1413b8ae8687bfd8f80bf83a859479bb.exe
Resource
win7-20220715-en
Malware Config
Targets
-
Target
5ca050af396a615d9f342b12ad4cb5ca1413b8ae8687bfd8f80bf83a859479bb
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-