General

  • Target

    770b0caaadecdb299dbafd2ee57b9b9a3075efd3cc2fc0df992937eb2934a486

  • Size

    2.8MB

  • Sample

    221121-2q313sdf8v

  • MD5

    cab4423309c1de0ffdc9563d97d86f43

  • SHA1

    18c43869e5d9ade9cb27a437d6781148ab0c8dea

  • SHA256

    770b0caaadecdb299dbafd2ee57b9b9a3075efd3cc2fc0df992937eb2934a486

  • SHA512

    7f5787a3a5325e3aa04fa24d2e75274d21512688b2ef43a5d243c79d60dc617bd6460a75f263100875a203206434b0f781685a867c82f92e13d75e86990251be

  • SSDEEP

    49152:uAUb66kq7TwfM90rJHLgmBY5yr1qerdkjRjGdZDhqQolrq+snlRCWU58l:uAUb6Rq70/rtLgmBRr1qodkjdWZDwqn9

Malware Config

Targets

    • Target

      770b0caaadecdb299dbafd2ee57b9b9a3075efd3cc2fc0df992937eb2934a486

    • RMS

      Remote Manipulator System (RMS) is a commercial remote access tool developed by the Russian company TektonIT. It is legitimate software that is also abused by threat actors for remote control, so the signature hit by itself does not prove compromise; combined with the persistence and file-drop behaviours below it should be treated as an unwanted remote access implant.

    • Adds Run key to start application (sets a value under a CurrentVersion\Run key so the program is launched at logon)

    • Drops file in System32 directory (writes a file into %WINDIR%\System32)

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic           Technique                             Count  ID
  Persistence      Registry Run Keys / Startup Folder    1      T1060
  Defense Evasion  Modify Registry                       1      T1112
  Discovery        System Information Discovery          1      T1082

  The IDs are ATT&CK v6 identifiers. T1060 was later folded into T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder); T1112 and T1082 keep the same IDs in current ATT&CK.
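The behaviours the report flags can be checked against host telemetry outside the sandbox. The Python below is an added example, not code from the report, the sandbox vendor or TektonIT. It classifies Sysmon-style events (constructed inline; the file names, registry value name and paths are placeholders, not indicators from this sample) into the signature names and ATT&CK v6 technique IDs listed above, and it also covers Startup-folder persistence, which belongs to the same T1060 technique but is not seen in this report. The "trusted writer" path heuristic is an assumption made for the example, not a rule taken from the report.

```python
"""Rule-based triage of host telemetry against the behaviours in this report.

Added example, not part of the sandbox report. The events below are constructed
Sysmon-style records (EventID 1 = process create, 11 = file create,
13 = registry value set); every path and name in them is a placeholder.
"""
import re
from collections import Counter

# Autostart registry locations: ATT&CK v6 T1060 (T1547.001 in current ATT&CK).
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)(Ex)?\\", re.IGNORECASE)
# Startup folders: same technique, not observed in this report.
STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)
# Drop location behind the "Drops file in System32 directory" signature.
SYSTEM32_RE = re.compile(r"^[A-Za-z]:\\Windows\\System32\\", re.IGNORECASE)
# Commands commonly used for T1082 System Information Discovery (heuristic list).
SYSINFO_CMD_RE = re.compile(
    r"(^|\\|\s)(systeminfo|hostname)(\.exe)?(\s|$)|\bwmic\b.*\b(os|computersystem|cpu)\b",
    re.IGNORECASE)
# Assumption for this example: processes under these roots are trusted writers,
# while the sample runs from a user-writable directory.
TRUSTED_IMAGE_RE = re.compile(
    r"^[A-Za-z]:\\(Windows|Program Files( \(x86\))?)\\", re.IGNORECASE)

# Constructed telemetry (placeholders, not indicators from the report).
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Users\victim\Downloads\sample.exe",
     "TargetFilename": r"C:\Windows\System32\dropped.exe"},
    {"EventID": 13, "Image": r"C:\Users\victim\Downloads\sample.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dropped",
     "Details": r"C:\Windows\System32\dropped.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\systeminfo.exe",
     "ParentImage": r"C:\Users\victim\Downloads\sample.exe",
     "CommandLine": "systeminfo"},
    # Benign noise: a trusted application writing its own setting; must not fire.
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\app.exe",
     "TargetObject": r"HKCU\Software\Vendor\App\Telemetry",
     "Details": "DWORD (0x00000001)"},
]


def _untrusted(path):
    """True for a process image outside the trusted roots (assumption above)."""
    return bool(path) and not TRUSTED_IMAGE_RE.match(path)


def classify(event):
    """Return a list of findings {technique, signature, evidence} for one event."""
    findings = []
    eid = event.get("EventID")
    image = event.get("Image", "")

    if eid == 13 and _untrusted(image):                  # registry value set
        target = event.get("TargetObject", "")
        findings.append({"technique": "T1112", "signature": "Modify Registry",
                         "evidence": target})
        if RUN_KEY_RE.search(target):
            findings.append({"technique": "T1060",
                             "signature": "Adds Run key to start application",
                             "evidence": f"{target} = {event.get('Details', '')}"})

    elif eid == 11 and _untrusted(image):                # file create
        fname = event.get("TargetFilename", "")
        if SYSTEM32_RE.match(fname):
            findings.append({"technique": None,
                             "signature": "Drops file in System32 directory",
                             "evidence": fname})
        if STARTUP_DIR_RE.search(fname):
            findings.append({"technique": "T1060",
                             "signature": "Startup folder persistence",
                             "evidence": fname})

    elif eid == 1 and _untrusted(event.get("ParentImage", "")):  # process create
        cmd = event.get("CommandLine", "")
        if SYSINFO_CMD_RE.search(cmd):
            findings.append({"technique": "T1082",
                             "signature": "System Information Discovery",
                             "evidence": cmd})
    return findings


def technique_counts(events):
    """Tally technique IDs the way the ATT&CK matrix in the report does."""
    counts = Counter()
    for ev in events:
        for f in classify(ev):
            if f["technique"]:
                counts[f["technique"]] += 1
    return counts


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        for f in classify(ev):
            print(f"{f['technique'] or '-':7} {f['signature']:36} {f['evidence']}")
    print(dict(technique_counts(SAMPLE_EVENTS)))
```

Run against the constructed events the tally comes out as T1060, T1112 and T1082 with a count of one each, the same three rows as the matrix above, while the trusted-process registry write produces nothing. On a real host, feed it Sysmon EventID 1/11/13 records exported from the event log and tune TRUSTED_IMAGE_RE to the environment; a Run-key value pointing into System32 from a process that started in a user-writable directory is the combination this report describes.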

Tasks