General
-
Target
43bdc93361560434886e3ce6ed1bbd93f14541b2947e593690f3c9b427600671
-
Size
7.8MB
-
Sample
221126-hjbtgaaa45
-
MD5
ebe3f98743d4a03c9ed92e6b27b266a3
-
SHA1
fb6e47c05ba7b5ed51cff19d9d86d43cc7889747
-
SHA256
43bdc93361560434886e3ce6ed1bbd93f14541b2947e593690f3c9b427600671
-
SHA512
43e233763c326e36bdbe50ca2a13680928a2288c1b285a8b02bb691b4d2fccc2152a3a7d0b18cf88d09578d3a4c5e91bd53a838376f28e6a38f84bc1464d46bb
-
SSDEEP
196608:sx9Dht4XA61gQzHZKqHuDXKkj0Pgu/k5AmizMvaU/3RxiKEDHeJ:AhmXPHZiXR0Pgu/AApoyU/fiKEDHG
Malware Config
Targets
-
-
Target
43bdc93361560434886e3ce6ed1bbd93f14541b2947e593690f3c9b427600671
-
Size
7.8MB
-
MD5
ebe3f98743d4a03c9ed92e6b27b266a3
-
SHA1
fb6e47c05ba7b5ed51cff19d9d86d43cc7889747
-
SHA256
43bdc93361560434886e3ce6ed1bbd93f14541b2947e593690f3c9b427600671
-
SHA512
43e233763c326e36bdbe50ca2a13680928a2288c1b285a8b02bb691b4d2fccc2152a3a7d0b18cf88d09578d3a4c5e91bd53a838376f28e6a38f84bc1464d46bb
-
SSDEEP
196608:sx9Dht4XA61gQzHZKqHuDXKkj0Pgu/k5AmizMvaU/3RxiKEDHeJ:AhmXPHZiXR0Pgu/AApoyU/fiKEDHG
Score10/10-
RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-