General
-
Target
237bd56d1e468f9b882706c340b9d4848a2a2bc1e8d0668a0f36e2206fe3ccdf
-
Size
7.3MB
-
Sample
221108-s8fttsgcbn
-
MD5
0b7e0fc0d4079e6bbfbf973a897a9a5c
-
SHA1
3e6dd00af4feb11bb015213277a4f010c0c82dd8
-
SHA256
237bd56d1e468f9b882706c340b9d4848a2a2bc1e8d0668a0f36e2206fe3ccdf
-
SHA512
55b6436a93913d3743ff2ec7f93e44d5dbf7035174814f9b39c7e55492c7a89d408950ffa240c3305a1cea0685af3fd011510387dbf390842efc07234f15243e
-
SSDEEP
196608:ySHMjhspjUi99uVf4X+2hG2+O1AyOWSoSTjrmt7nv6PGpeFh:ySHMhsJ/0gNQBOvM2v6PGoh
Malware Config
Targets
-
-
Target
237bd56d1e468f9b882706c340b9d4848a2a2bc1e8d0668a0f36e2206fe3ccdf
-
Size
7.3MB
-
MD5
0b7e0fc0d4079e6bbfbf973a897a9a5c
-
SHA1
3e6dd00af4feb11bb015213277a4f010c0c82dd8
-
SHA256
237bd56d1e468f9b882706c340b9d4848a2a2bc1e8d0668a0f36e2206fe3ccdf
-
SHA512
55b6436a93913d3743ff2ec7f93e44d5dbf7035174814f9b39c7e55492c7a89d408950ffa240c3305a1cea0685af3fd011510387dbf390842efc07234f15243e
-
SSDEEP
196608:ySHMjhspjUi99uVf4X+2hG2+O1AyOWSoSTjrmt7nv6PGpeFh:ySHMhsJ/0gNQBOvM2v6PGoh
Score10/10-
RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-