General

  • Target

    tmp

  • Size

    8.3MB

  • Sample

    230315-jdnrhsca84

  • MD5

    73f351beae5c881fafe36f42cde9a47c

  • SHA1

    dc1425cfd5569bd59f5d56432df875b59da9300b

  • SHA256

    a028816d9741540c6184091b4ae3c4e42b104f90fe3b17a55d0e4aa4c4c43824

  • SHA512

    f484b1260e73b3717603cfcfd62e820502480d8be57a7570e6c38612c9ea86b9335c6a42742fbdb369a37fcd5ec4c2b06f426a075582c39639128ad7be92da66

  • SSDEEP

    196608:PdQ5Lq4eAGPJgBDpKLtW0tzHlYd3cvF8m9k/RRZpAp2FG0c+imhtO:P2VqyC8mQ0vxN79kpR40cUO

Score
10/10

Malware Config

Targets

    • Target

      tmp

    • Size

      8.3MB

    • MD5

      73f351beae5c881fafe36f42cde9a47c

    • SHA1

      dc1425cfd5569bd59f5d56432df875b59da9300b

    • SHA256

      a028816d9741540c6184091b4ae3c4e42b104f90fe3b17a55d0e4aa4c4c43824

    • SHA512

      f484b1260e73b3717603cfcfd62e820502480d8be57a7570e6c38612c9ea86b9335c6a42742fbdb369a37fcd5ec4c2b06f426a075582c39639128ad7be92da66

    • SSDEEP

      196608:PdQ5Lq4eAGPJgBDpKLtW0tzHlYd3cvF8m9k/RRZpAp2FG0c+imhtO:P2VqyC8mQ0vxN79kpR40cUO

    Score
    10/10
    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

3
T1012

System Information Discovery

3
T1082

Peripheral Device Discovery

1
T1120

Tasks