General
-
Target
1132ead4499f0ce2b021432b83ca4b76.exe
-
Size
23.7MB
-
Sample
220919-3hpzxsbfh6
-
MD5
1132ead4499f0ce2b021432b83ca4b76
-
SHA1
3c2f0503b02a80619e55c444b1dbf66b48328d47
-
SHA256
ae20798a24a3a7dbc44ad8d9182fd4cd289ed89a96e5f0ee430e329b710af522
-
SHA512
bc68289bfa35889ddb9d9c1749bc29aeb64c2423fe0d856ac40e057c836ad821d3f91643bb5233f663912232885dc503e85fe52405ff2396e35b99767fbe34c6
-
SSDEEP
393216:0bUBx1ZrzDywEvRYeHuCZYKmvJITDqgM+evGXioV1S64G790KxcPD+l:Xri2eL6K/aYioD4Gii
Malware Config
Targets
-
-
Target
1132ead4499f0ce2b021432b83ca4b76.exe
-
Size
23.7MB
-
MD5
1132ead4499f0ce2b021432b83ca4b76
-
SHA1
3c2f0503b02a80619e55c444b1dbf66b48328d47
-
SHA256
ae20798a24a3a7dbc44ad8d9182fd4cd289ed89a96e5f0ee430e329b710af522
-
SHA512
bc68289bfa35889ddb9d9c1749bc29aeb64c2423fe0d856ac40e057c836ad821d3f91643bb5233f663912232885dc503e85fe52405ff2396e35b99767fbe34c6
-
SSDEEP
393216:0bUBx1ZrzDywEvRYeHuCZYKmvJITDqgM+evGXioV1S64G790KxcPD+l:Xri2eL6K/aYioD4Gii
Score10/10-
RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Drops file in System32 directory
-