General
-
Target
e941f62dd4914c818f2f2e85d9194640ea73ef3fb2823c262cb3a2abe23052db
-
Size
5.4MB
-
Sample
221011-swpafacabl
-
MD5
7c8224fab6efe821297c0edf80701b58
-
SHA1
07a556fe87ff34ce62472be51efaa60f8c1f03dc
-
SHA256
e941f62dd4914c818f2f2e85d9194640ea73ef3fb2823c262cb3a2abe23052db
-
SHA512
62dfc54bf5419e2176e42e39189dc79f6ccd508cc01e3e6e7f020d74b27ea4ab138dc826c158c5650db40a03e1b92162c429dc499ea386bd38c9d86156600dc5
-
SSDEEP
98304:n32Z/1caWAv9lNibmheg2YqwFfxh4AtvoZxDxbZDbClM+T/5P/9cneW/L3Nod7F:n3iDN9lEbmhTOwFJCeAddb4Jz53Gxzu/
Malware Config
Targets
-
-
Target
e941f62dd4914c818f2f2e85d9194640ea73ef3fb2823c262cb3a2abe23052db
-
Size
5.4MB
-
MD5
7c8224fab6efe821297c0edf80701b58
-
SHA1
07a556fe87ff34ce62472be51efaa60f8c1f03dc
-
SHA256
e941f62dd4914c818f2f2e85d9194640ea73ef3fb2823c262cb3a2abe23052db
-
SHA512
62dfc54bf5419e2176e42e39189dc79f6ccd508cc01e3e6e7f020d74b27ea4ab138dc826c158c5650db40a03e1b92162c429dc499ea386bd38c9d86156600dc5
-
SSDEEP
98304:n32Z/1caWAv9lNibmheg2YqwFfxh4AtvoZxDxbZDbClM+T/5P/9cneW/L3Nod7F:n3iDN9lEbmhTOwFJCeAddb4Jz53Gxzu/
Score10/10-
RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-