General
-
Target
30b34e5de6710c83d8c122a19f956631fd77811d1356fa79ea15fb0f38cd9ab1
-
Size
3.4MB
-
Sample
221126-zjswesgd3x
-
MD5
d57e091a472b140ee5855b6dc1b6106d
-
SHA1
66e08ad7ce96b87a85c9eff0e92ec1d146f3ac3b
-
SHA256
30b34e5de6710c83d8c122a19f956631fd77811d1356fa79ea15fb0f38cd9ab1
-
SHA512
3aa8460eb00a1885c6b98afebcafdedf2167aa857ee13255cdfb8b9a6bc2c9f4147c050c03b5f4fff96ebbb937d3d090d3ee2f75da172d93d88adc8457bab619
-
SSDEEP
49152:q3E8sLd3hrsM0diRoh88V+5UEFCIyaLmSQQCwKGyd/l+V44vOu81iDbOxWT+sN03:rLVSvdWom5hCdwKGi/gV4oOupXQL4ZY
Malware Config
Targets
-
-
Target
30b34e5de6710c83d8c122a19f956631fd77811d1356fa79ea15fb0f38cd9ab1
-
Size
3.4MB
-
MD5
d57e091a472b140ee5855b6dc1b6106d
-
SHA1
66e08ad7ce96b87a85c9eff0e92ec1d146f3ac3b
-
SHA256
30b34e5de6710c83d8c122a19f956631fd77811d1356fa79ea15fb0f38cd9ab1
-
SHA512
3aa8460eb00a1885c6b98afebcafdedf2167aa857ee13255cdfb8b9a6bc2c9f4147c050c03b5f4fff96ebbb937d3d090d3ee2f75da172d93d88adc8457bab619
-
SSDEEP
49152:q3E8sLd3hrsM0diRoh88V+5UEFCIyaLmSQQCwKGyd/l+V44vOu81iDbOxWT+sN03:rLVSvdWom5hCdwKGi/gV4oOupXQL4ZY
Score10/10-
RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
-
Executes dropped EXE
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Stops running service(s)
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-