General
-
Target
28ea428f96d48a053033677f2bae666287038c2f9279a903bb351cca2970471b
-
Size
4.0MB
-
Sample
221127-tzbzysfc2x
-
MD5
8143f88bc5d2eb0a03fc56e1f2a39919
-
SHA1
e8d13cad3117c979f656b81dd70dade47f81a2df
-
SHA256
28ea428f96d48a053033677f2bae666287038c2f9279a903bb351cca2970471b
-
SHA512
7952fd0161fcc9fdc20cba67a9af0bf6c0fc4f5a515394526b51a2412cdd493e15e644e9acfb7cc5865a4fcf8a2b2e2d8c4a8599e4eb2e3e4db6cbcbc2b8e2dd
-
SSDEEP
98304:jHrKUtFKlxG8DvM+5Di3LJqcYG1vEJ+++tS2TDhZLR/J78TUc:yUtFKlxGwv9pi3E5TJN+jTDhHJQTUc
Malware Config
Targets
-
-
Target
28ea428f96d48a053033677f2bae666287038c2f9279a903bb351cca2970471b
-
Size
4.0MB
-
MD5
8143f88bc5d2eb0a03fc56e1f2a39919
-
SHA1
e8d13cad3117c979f656b81dd70dade47f81a2df
-
SHA256
28ea428f96d48a053033677f2bae666287038c2f9279a903bb351cca2970471b
-
SHA512
7952fd0161fcc9fdc20cba67a9af0bf6c0fc4f5a515394526b51a2412cdd493e15e644e9acfb7cc5865a4fcf8a2b2e2d8c4a8599e4eb2e3e4db6cbcbc2b8e2dd
-
SSDEEP
98304:jHrKUtFKlxG8DvM+5Di3LJqcYG1vEJ+++tS2TDhZLR/J78TUc:yUtFKlxGwv9pi3E5TJN+jTDhHJQTUc
Score10/10-
RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Drops file in System32 directory
-