General
-
Target
8e61615de91718b4662d4a99e0e5113c34237c316e6646c5a906ef2208d8da8b
-
Size
7.2MB
-
Sample
221206-sg352shb98
-
MD5
b1c2b3fa4e8094cc0c93c3d1e341678c
-
SHA1
8c35dba41ca1a411a18b416ed515be0129b58f91
-
SHA256
8e61615de91718b4662d4a99e0e5113c34237c316e6646c5a906ef2208d8da8b
-
SHA512
eede8112c49dbaacf70c1f1616159d38e542d35a81d47016d8bbbe508d9710371e51da18bf1242fcf21b1183d125f75aa446fe663459153acf5118c9b8623779
-
SSDEEP
196608:YkoCOc7n/+FEqkbVruOFwtfqS0b1KqQ6UrQ0Q8fAd17b+QXnjf0+2:Ykac7WFEFbVfwAS4Y13Q8817b+Qa
Malware Config
Targets
-
-
Target
8e61615de91718b4662d4a99e0e5113c34237c316e6646c5a906ef2208d8da8b
-
Size
7.2MB
-
MD5
b1c2b3fa4e8094cc0c93c3d1e341678c
-
SHA1
8c35dba41ca1a411a18b416ed515be0129b58f91
-
SHA256
8e61615de91718b4662d4a99e0e5113c34237c316e6646c5a906ef2208d8da8b
-
SHA512
eede8112c49dbaacf70c1f1616159d38e542d35a81d47016d8bbbe508d9710371e51da18bf1242fcf21b1183d125f75aa446fe663459153acf5118c9b8623779
-
SSDEEP
196608:YkoCOc7n/+FEqkbVruOFwtfqS0b1KqQ6UrQ0Q8fAd17b+QXnjf0+2:Ykac7WFEFbVfwAS4Y13Q8817b+Qa
Score10/10-
RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-