General

  • Target

    agent-7.5.1.0.exe

  • Size

    22.2MB

  • Sample

    241002-v23q5aybnr

  • MD5

    10612a00f02fcbfee5712b068a66010f

  • SHA1

    c7f33f68c638246f6ae4d744a7e79f23fa152dec

  • SHA256

    2816304558b1408a0f0e59e248991db4dcba8cddda7261dd4bd9ee98b0f725e0

  • SHA512

    2ab5d6f6eb05b7fdb17975cc9b700ee469502fd7b63e198322e378e509a323429fba208170c08222de9503e426081a2ccd1ee083a5f055dced66578dcee1ee14

  • SSDEEP

    393216:4kCtFKS5RA/79u8m3mJA/VClbgY0XDK4U4ht3LVBPqPoqNukogz/AczsL:4tcaoYJ3miClsYYG4H/BPioLSsL

Targets

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by the Russian organization TektonIT.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.
