General

  • Target

    b50cf4ce1fbaa5ba67035c538d49b8a39f1c1f976bfde8ee1f4ee040c6d42591.exe

  • Size

    16.4MB

  • Sample

    240525-cecx3sah68

  • MD5

    2d49a6ce2ee81dc16d23b3a820ee87e0

  • SHA1

    d0b2dab654a86a302c1a051c950b76c15ece69b1

  • SHA256

    b50cf4ce1fbaa5ba67035c538d49b8a39f1c1f976bfde8ee1f4ee040c6d42591

  • SHA512

    c4e2d5459315035df1f60117b03c8289c63b5d8c34bb4c23566b77a38fcd2c4d0967351c5f425839123f2bb4d030a4b6d14236610b066306028c2dda31e5359a

  • SSDEEP

    393216:lfdu0pZ+MHgn6ttNkJI/Jt7RRfONkopbgbGq/jF8I6RLj:lFPpZ+MH5ttxRtVlONLp0yLj

Score
10/10

Malware Config

Targets

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • UPX dump on OEP (original entry point)

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it (modified builds often rename the UPX0/UPX1 sections or strip the version banner, so the plain `upx -d` tool may refuse to unpack them).

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check (the sample decides whether to run based on the victim's locale).

    • Drops file in System32 directory
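As an added example, not part of the sandbox report and not code from the sample, the following Python script shows the kind of static heuristics a "UPX packed file" signature relies on and computes the same hash set the report lists, so a downloaded copy can be cross-checked before it is ever executed. The PE header layout follows the PE/COFF specification; the three heuristics (section names starting with UPX, the `UPX!` marker, and a first section with zero raw size but non-zero virtual size) are this example's own assumptions about what such a signature checks, and `build_fake_pe` constructs a minimal synthetic PE purely as test input.

```python
import hashlib
import struct


def parse_sections(data: bytes):
    """Walk a PE file's section table and return (name, virtual_size, raw_size) tuples."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER starts here
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    sec_table = coff + 20 + size_opt         # section headers follow the optional header
    sections = []
    for i in range(num_sections):
        off = sec_table + i * 40             # IMAGE_SECTION_HEADER is 40 bytes
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _vaddr, rsize = struct.unpack_from("<III", data, off + 8)
        sections.append((name, vsize, rsize))
    return sections


def upx_indicators(data: bytes) -> dict:
    """Assumed heuristics: UPX* section names, the 'UPX!' marker, empty first section."""
    secs = parse_sections(data)
    return {
        "upx_section_names": [n for n, _, _ in secs if n.upper().startswith("UPX")],
        "upx_magic": b"UPX!" in data,
        # UPX0 holds the unpacked image at runtime: large virtual size, no raw bytes on disk.
        "empty_first_section": bool(secs) and secs[0][2] == 0 and secs[0][1] > 0,
    }


def looks_upx_packed(data: bytes) -> bool:
    """Stock UPX trips the name check; a renamed (modified) build still trips the others."""
    ind = upx_indicators(data)
    return bool(ind["upx_section_names"]) or ind["upx_magic"] or ind["empty_first_section"]


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 as listed in the report, for cross-checking a downloaded copy."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def build_fake_pe(section_specs) -> bytes:
    """Constructed test input: a minimal PE32 with the given (name, vsize, rsize) sections."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)     # 0x40-byte DOS header
    size_opt = 0xE0                                               # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, size_opt, 0x102)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x10B)                        # PE32 magic
    secs = b""
    for name, vsize, rsize in section_specs:
        secs += name.encode().ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", vsize, 0x1000, rsize, 0, 0, 0, 0, 0, 0x60000020)
    return dos + b"PE\0\0" + coff + bytes(opt) + secs


# Constructed samples: a stock-UPX layout (with the version banner UPX appends after the
# section table) and a plain, unpacked layout.
PACKED = build_fake_pe([("UPX0", 0x20000, 0), ("UPX1", 0x8000, 0x7800), (".rsrc", 0x1000, 0x800)]) + b"3.96\0UPX!"
CLEAN = build_fake_pe([(".text", 0x1000, 0x1000), (".data", 0x200, 0x200)])

if __name__ == "__main__":
    for label, blob in (("packed", PACKED), ("clean", CLEAN)):
        print(label, looks_upx_packed(blob), upx_indicators(blob), file_hashes(blob)["sha256"])
```

On a real sample, feed the file bytes to `looks_upx_packed` and compare `file_hashes` against the MD5/SHA1/SHA256 above; a mismatch means you are not looking at the sample this report describes. Remember that static heuristics only say "packed": the unpacked payload (what the "UPX dump on OEP" signature captured) still has to be obtained by unpacking or a memory dump at the original entry point.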

MITRE ATT&CK Enterprise v15

Tasks