General
-
Target
SecuriteInfo.com.Unwanted-Program.00578aef1.32765.4895.exe
-
Size
17.3MB
-
Sample
240405-ewyl8abh8t
-
MD5
f429810f03b2e5472f51f22dbbf6f165
-
SHA1
361572f7729f71af2d77c2db0d352d6eb3b11cda
-
SHA256
e99121de906a1fb921f1f4388fcffd3424000340a49d5d4f45f3aa912f1eeb55
-
SHA512
7453bc834416b652ac93315c3c86cec371f2a042bdbd368514ef38f5337c9d2e99ecdd4baf94ec40d71b0fece5dfc6e611e1424f7caa61f823c64dd787525b92
-
SSDEEP
393216:BMlU2nBTLv7A1J9mA0Z8h6B3LhmNm4S0JWeG7PX:ByU2nBTLv7A1OAO7B3FcfSX
Malware Config
Targets
-
-
Target
SecuriteInfo.com.Unwanted-Program.00578aef1.32765.4895.exe
-
Size
17.3MB
-
MD5
f429810f03b2e5472f51f22dbbf6f165
-
SHA1
361572f7729f71af2d77c2db0d352d6eb3b11cda
-
SHA256
e99121de906a1fb921f1f4388fcffd3424000340a49d5d4f45f3aa912f1eeb55
-
SHA512
7453bc834416b652ac93315c3c86cec371f2a042bdbd368514ef38f5337c9d2e99ecdd4baf94ec40d71b0fece5dfc6e611e1424f7caa61f823c64dd787525b92
-
SSDEEP
393216:BMlU2nBTLv7A1J9mA0Z8h6B3LhmNm4S0JWeG7PX:ByU2nBTLv7A1OAO7B3FcfSX
Score10/10-
RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-