General
Target: rat.exe
Size: 4.4MB
Sample: 230502-f5195shg34
MD5: 5a969f8c093488f50782b31c3eef05b0
SHA1: 23d4d7ffb40993c23350f9c201a21c5e3c10072e
SHA256: 1a0066f09f9b09aea075bbd592cc4fb1cc2e56ccdcc31ff4816af4f059e66efd
SHA512: 49a7246d6bad44700186268a4cba4b12ef8f01495ad8474816fc6a5305f479ce2c9e5b6d8b470a0f52af163d56c43e6540e89533b5352869b22bc6c773e3eb82
SSDEEP: 98304:fryWc/Phnb/FpQP/Z6UkvxzA45CYS9d3tjpHipm/tn9TV/ukyAEALrE:OL/5/bQP/kZITn7F9ZWPAc
Static task: static1
Behavioral task: behavioral1
Sample: Device/HarddiskVolume2/Windows/Fonts/win/rat.exe
Resource: win7-20230220-en
Malware Config
Targets
Target: Device/HarddiskVolume2/Windows/Fonts/win/rat.exe
Size: 4.5MB
MD5: 6029a73df701b89e8f2e63b81d573f8b
SHA1: 4ccc0cf864b754c16cd59e3a91a2b5ffce111ffc
SHA256: a021d50b43316b250731b984a8922f07b688ba02be9d43767c82a382d614309f
SHA512: a4bd3d2dae496935604dcd64c2f23c495f025d4f35d7ce2696f8d619c65371e74a755cd4ea245b41e40fe82545a5ca9eeeed6c6b2f08e7e1bbb653e6ed560473
SSDEEP: 98304:Ls5akhSst3Wbbiddqxm3nrktVwImIf3qXgv2/sgOML87xyXmA9faSS:4ayWf4dqxm3rkPwIfqQv2/sgrL87x8mJ
- Stops running service(s)
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-