General

  • Target

    8e61615de91718b4662d4a99e0e5113c34237c316e6646c5a906ef2208d8da8b

  • Size

    7.2MB

  • Sample

    221206-sg352shb98

  • MD5

    b1c2b3fa4e8094cc0c93c3d1e341678c

  • SHA1

    8c35dba41ca1a411a18b416ed515be0129b58f91

  • SHA256

    8e61615de91718b4662d4a99e0e5113c34237c316e6646c5a906ef2208d8da8b

  • SHA512

    eede8112c49dbaacf70c1f1616159d38e542d35a81d47016d8bbbe508d9710371e51da18bf1242fcf21b1183d125f75aa446fe663459153acf5118c9b8623779

  • SSDEEP

    196608:YkoCOc7n/+FEqkbVruOFwtfqS0b1KqQ6UrQ0Q8fAd17b+QXnjf0+2:Ykac7WFEFbVfwAS4Y13Q8817b+Qa

Score
10/10

Malware Config

Targets

    • Target

      8e61615de91718b4662d4a99e0e5113c34237c316e6646c5a906ef2208d8da8b

    • Size

      7.2MB

    • MD5

      b1c2b3fa4e8094cc0c93c3d1e341678c

    • SHA1

      8c35dba41ca1a411a18b416ed515be0129b58f91

    • SHA256

      8e61615de91718b4662d4a99e0e5113c34237c316e6646c5a906ef2208d8da8b

    • SHA512

      eede8112c49dbaacf70c1f1616159d38e542d35a81d47016d8bbbe508d9710371e51da18bf1242fcf21b1183d125f75aa446fe663459153acf5118c9b8623779

    • SSDEEP

      196608:YkoCOc7n/+FEqkbVruOFwtfqS0b1KqQ6UrQ0Q8fAd17b+QXnjf0+2:Ykac7WFEFbVfwAS4Y13Q8817b+Qa

    Score
    10/10
    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks