General
-
Target
6d0d1e6db6ece466654e6e073d494918
-
Size
4.0MB
-
Sample
231219-wabn1afehj
-
MD5
6d0d1e6db6ece466654e6e073d494918
-
SHA1
84e969d9a3397c391a6a00cf0dff4cea5eea9749
-
SHA256
bdba65b52977eb62aba2c7372c1e348d186ff85fedea5aeb12971f6e1463061d
-
SHA512
9b5109eb4734b51e463693d1e794d9d55cecff5280e1806945142b7445d9d6ca0b5dc02dd7dc120a9b1d59ffb4357e5dfbab852d7bdf2f715e1e8c28ade0f081
-
SSDEEP
98304:SXz+7xDq3yXD2JWm+NaRpHJomk4l4JTVJHg:aKFqCXD2JOorxk4lWHHg
Malware Config
Targets
-
-
Target
6d0d1e6db6ece466654e6e073d494918
-
Size
4.0MB
-
MD5
6d0d1e6db6ece466654e6e073d494918
-
SHA1
84e969d9a3397c391a6a00cf0dff4cea5eea9749
-
SHA256
bdba65b52977eb62aba2c7372c1e348d186ff85fedea5aeb12971f6e1463061d
-
SHA512
9b5109eb4734b51e463693d1e794d9d55cecff5280e1806945142b7445d9d6ca0b5dc02dd7dc120a9b1d59ffb4357e5dfbab852d7bdf2f715e1e8c28ade0f081
-
SSDEEP
98304:SXz+7xDq3yXD2JWm+NaRpHJomk4l4JTVJHg:aKFqCXD2JOorxk4lWHHg
Score10/10-
RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-