General
-
Target
7405b46d5f93ea04e7ecd588ee4bd1de76579689e07986895bbbaeec4f2bf9e1
-
Size
4.1MB
-
Sample
221127-bw1j2aae42
-
MD5
5667aae6c34c2aed84dc344f2f7594ce
-
SHA1
858632f13d298ecb49c8b50bc3fd1e56c6b3ad33
-
SHA256
7405b46d5f93ea04e7ecd588ee4bd1de76579689e07986895bbbaeec4f2bf9e1
-
SHA512
bff05864a430f2abdc78991a322d0ea686c24d6fc60ec8ef71aa422e484ee40b19991ef4f3ce70a7d64567fb804de2b8e16c8d6a3d4246ebc4f51f00ccf9f78a
-
SSDEEP
98304:1joLchbHlbSEmlKVr8+loohgLijiAJdTvJbl:1Schk7u4+lJRhvJB
Malware Config
Targets
-
-
Target
7405b46d5f93ea04e7ecd588ee4bd1de76579689e07986895bbbaeec4f2bf9e1
-
Size
4.1MB
-
MD5
5667aae6c34c2aed84dc344f2f7594ce
-
SHA1
858632f13d298ecb49c8b50bc3fd1e56c6b3ad33
-
SHA256
7405b46d5f93ea04e7ecd588ee4bd1de76579689e07986895bbbaeec4f2bf9e1
-
SHA512
bff05864a430f2abdc78991a322d0ea686c24d6fc60ec8ef71aa422e484ee40b19991ef4f3ce70a7d64567fb804de2b8e16c8d6a3d4246ebc4f51f00ccf9f78a
-
SSDEEP
98304:1joLchbHlbSEmlKVr8+loohgLijiAJdTvJbl:1Schk7u4+lJRhvJB
Score10/10-
RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
-
Executes dropped EXE
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Stops running service(s)
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Checks whether UAC is enabled
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-