General

  • Target

    eb8cce04e68e0edf8d1f33b6b5fb79e89bb9abc5bf42fcd4b0df0360c9a86e1c

  • Size

    3.6MB

  • Sample

    221205-hw4p1sbf3y

  • MD5

    08d6651c58801b8ba799e21f2972aeec

  • SHA1

    431166615f079fa7399620c96bb7854f1337d3d0

  • SHA256

    eb8cce04e68e0edf8d1f33b6b5fb79e89bb9abc5bf42fcd4b0df0360c9a86e1c

  • SHA512

    89f80ff6536a55f4ed677af6f36910e3796f5dc684d3dee1190a87735448508309d8b1b4211087bf44513cac0412e7dbdfd85e37234c97a11fced749f01adfc6

  • SSDEEP

    98304:7JYtfH2yd+W+2dtu32yWx35rUDHvD9ICRDxq79u6e:7J82I+IujYp+PD78xA

Score
10/10

Malware Config

Targets

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by the Russian organization TektonIT.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 2

Tasks