General

  • Target

    2ac561231ba80f987b7bf1f6c3fb2c3b.exe

  • Size

    17.1MB

  • Sample

    241005-1qgbmstenr

  • MD5

    2ac561231ba80f987b7bf1f6c3fb2c3b

  • SHA1

    9742aa5faeef8d90a116a5f86066acf72071ca26

  • SHA256

    3b03d8ee3dc4406d7be3d995552965ad4b4b9f1f3d106580820ce3e1fa62b2ca

  • SHA512

    4ea8a999b419472a3b4703535b4e6a3fe0a93de7bd44ef48dce11cf8d5bd7da8c72f585de9dad5534f270ff14f2ad5a16a5688498402cb1141d38a470fa34f50

  • SSDEEP

    393216:r93WcIGlUHbn+WE2WQoCyJ8ZKNhNUNXaRdeX:53W7bE2WQoVVhNaXaza

Malware Config

Targets

    • Target

      2ac561231ba80f987b7bf1f6c3fb2c3b.exe

    • Size

      17.1MB

    • MD5

      2ac561231ba80f987b7bf1f6c3fb2c3b

    • SHA1

      9742aa5faeef8d90a116a5f86066acf72071ca26

    • SHA256

      3b03d8ee3dc4406d7be3d995552965ad4b4b9f1f3d106580820ce3e1fa62b2ca

    • SHA512

      4ea8a999b419472a3b4703535b4e6a3fe0a93de7bd44ef48dce11cf8d5bd7da8c72f585de9dad5534f270ff14f2ad5a16a5688498402cb1141d38a470fa34f50

    • SSDEEP

      393216:r93WcIGlUHbn+WE2WQoCyJ8ZKNhNUNXaRdeX:53W7bE2WQoVVhNaXaza

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks