General
-
Target
SecuriteInfo.com.PUA.Tool.RemoteControl.18.25736.20264.exe
-
Size
16.4MB
-
Sample
240524-dy7ggabd68
-
MD5
2d49a6ce2ee81dc16d23b3a820ee87e0
-
SHA1
d0b2dab654a86a302c1a051c950b76c15ece69b1
-
SHA256
b50cf4ce1fbaa5ba67035c538d49b8a39f1c1f976bfde8ee1f4ee040c6d42591
-
SHA512
c4e2d5459315035df1f60117b03c8289c63b5d8c34bb4c23566b77a38fcd2c4d0967351c5f425839123f2bb4d030a4b6d14236610b066306028c2dda31e5359a
-
SSDEEP
393216:lfdu0pZ+MHgn6ttNkJI/Jt7RRfONkopbgbGq/jF8I6RLj:lFPpZ+MH5ttxRtVlONLp0yLj
Malware Config
Targets
-
-
Target
SecuriteInfo.com.PUA.Tool.RemoteControl.18.25736.20264.exe
-
Size
16.4MB
-
MD5
2d49a6ce2ee81dc16d23b3a820ee87e0
-
SHA1
d0b2dab654a86a302c1a051c950b76c15ece69b1
-
SHA256
b50cf4ce1fbaa5ba67035c538d49b8a39f1c1f976bfde8ee1f4ee040c6d42591
-
SHA512
c4e2d5459315035df1f60117b03c8289c63b5d8c34bb4c23566b77a38fcd2c4d0967351c5f425839123f2bb4d030a4b6d14236610b066306028c2dda31e5359a
-
SSDEEP
393216:lfdu0pZ+MHgn6ttNkJI/Jt7RRfONkopbgbGq/jF8I6RLj:lFPpZ+MH5ttxRtVlONLp0yLj
Score10/10-
RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-