General
-
Target
FC9E09EC6960ED9E765A2D319ACB99395B78010785B6F.exe
-
Size
12.0MB
-
Sample
221025-2ssywseber
-
MD5
ce94855ad6ed2dc3ceb85e516f907371
-
SHA1
275cc93eef3ae8790cccbff9325fb9f7063c669a
-
SHA256
fc9e09ec6960ed9e765a2d319acb99395b78010785b6f176680f9fa5af846d09
-
SHA512
5533e34c4f8f43e70a3eb536cde70c6c54a02a402154c880cb9fe51fb2b95b87fd6d5e588a39d86812cac5e614ec532778da6de1b22fd789f1b843598b9860b1
-
SSDEEP
196608:AihtI2NepqkynnaENFshFv2+odIR2dTi8PXM2GD080tZqTvPAMurHUAmJfVQeo:HhC2NeEnaSezO+ZAOe9GDPTXNpJf0
Malware Config
Targets
-
-
Target
FC9E09EC6960ED9E765A2D319ACB99395B78010785B6F.exe
-
Size
12.0MB
-
MD5
ce94855ad6ed2dc3ceb85e516f907371
-
SHA1
275cc93eef3ae8790cccbff9325fb9f7063c669a
-
SHA256
fc9e09ec6960ed9e765a2d319acb99395b78010785b6f176680f9fa5af846d09
-
SHA512
5533e34c4f8f43e70a3eb536cde70c6c54a02a402154c880cb9fe51fb2b95b87fd6d5e588a39d86812cac5e614ec532778da6de1b22fd789f1b843598b9860b1
-
SSDEEP
196608:AihtI2NepqkynnaENFshFv2+odIR2dTi8PXM2GD080tZqTvPAMurHUAmJfVQeo:HhC2NeEnaSezO+ZAOe9GDPTXNpJf0
Score10/10-
RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Drops file in System32 directory
-