General

  • Target

    8CEA95F9CE9E5CF6DEE53EEE1B3DCF0A85A80A699575D.exe

  • Size

    11.1MB

  • Sample

    221229-rbjzjsgd61

  • MD5

    3e45070153f2ffd2c0aa313d2b593407

  • SHA1

    d6a8d1fb41d56ddb871d979ab6ad1fafcc4a5f06

  • SHA256

    8cea95f9ce9e5cf6dee53eee1b3dcf0a85a80a699575db64869a85636bf1017f

  • SHA512

    c792d1e74142090ae49217bd76598901c9d84f497fc8ce32cf3fe11eab5c260d66cf0f049662aafa65f6816d03344bbb586556c3e5c000ddf287b46a2576e5b5

  • SSDEEP

    196608:slMUmnmOZzGmn4xhCERU2jvomUTc5bw3khB74M90NKsfayjUQ8jF59D9Pr:s/WmozGmsCe3UMYm12NjayT+Frt

Score
10/10

Malware Config

Targets

    • Target

      8CEA95F9CE9E5CF6DEE53EEE1B3DCF0A85A80A699575D.exe

    • Size

      11.1MB

    • MD5

      3e45070153f2ffd2c0aa313d2b593407

    • SHA1

      d6a8d1fb41d56ddb871d979ab6ad1fafcc4a5f06

    • SHA256

      8cea95f9ce9e5cf6dee53eee1b3dcf0a85a80a699575db64869a85636bf1017f

    • SHA512

      c792d1e74142090ae49217bd76598901c9d84f497fc8ce32cf3fe11eab5c260d66cf0f049662aafa65f6816d03344bbb586556c3e5c000ddf287b46a2576e5b5

    • SSDEEP

      196608:slMUmnmOZzGmn4xhCERU2jvomUTc5bw3khB74M90NKsfayjUQ8jF59D9Pr:s/WmozGmsCe3UMYm12NjayT+Frt

    Score
    10/10
    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Tasks