General

  • Target

    SecuriteInfo.com.PUA.Tool.RemoteControl.20.4973.23208.exe

  • Size

    10.9MB

  • Sample

    241020-rvpzxashqh

  • MD5

    fec6019b90092723b543219410ce71b4

  • SHA1

    c5677e34753294789f75d036cfb677b44e1aa426

  • SHA256

    6fb6cffbc9d37606dee6240083b2f3db1747a819ee84d2db3d1e2bc5937e93cc

  • SHA512

    87fb256ca5b8cda43a02c0b992471b16052561d379edc06e6a6b148ff95984ccc19f9a3242d1d0403d7bf6984e0ba301ecefc5a062fde13735e3e0fb62ba2dfc

  • SSDEEP

    196608:np9T+NrpQJrG8M3+OvIKeFUOkpfG+n4qsYdz+FsCTk6x4acytLmfzB:n6rpQJK8M3+4teCOkpe3YhG7LmfzB

Malware Config

Targets

    • Target

      SecuriteInfo.com.PUA.Tool.RemoteControl.20.4973.23208.exe

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.
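
The two checks a practitioner would want to reproduce from this report, as an added example that is not part of the sandbox's own tooling: confirm that a file on hand is the same sample by recomputing the four hashes listed above, and test the "UPX packed file" indicator by reading the PE section table for the UPX0/UPX1 names and the "UPX!" marker that stock UPX leaves behind. The `build_fake_pe` helper constructs a minimal synthetic MZ/PE image (no optional header, no code) purely so the parser can be exercised offline; it is not derived from the sample, and all function names are this example's own.

```python
import hashlib
import math
import struct
from collections import Counter

# Hashes copied from the report above; used only to compare against a local file.
REPORT_HASHES = {
    "md5": "fec6019b90092723b543219410ce71b4",
    "sha1": "c5677e34753294789f75d036cfb677b44e1aa426",
    "sha256": "6fb6cffbc9d37606dee6240083b2f3db1747a819ee84d2db3d1e2bc5937e93cc",
    "sha512": "87fb256ca5b8cda43a02c0b992471b16052561d379edc06e6a6b148ff95984ccc"
              "19f9a3242d1d0403d7bf6984e0ba301ecefc5a062fde13735e3e0fb62ba2dfc",
}


def hash_bytes(data):
    """Return the same four digests the report lists, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data, expected=REPORT_HASHES):
    """Per-algorithm True/False: does this blob match the report's sample?"""
    actual = hash_bytes(data)
    return {name: actual[name] == digest for name, digest in expected.items()}


def pe_section_names(data):
    """Walk DOS header -> PE signature -> COFF header -> section table and
    return the section names. Raises ValueError on anything that is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_of_optional          # section table follows the optional header
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40: table + i * 40 + 8]   # IMAGE_SECTION_HEADER.Name is 8 bytes
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def shannon_entropy(data):
    """Bits per byte; packed/encrypted payloads sit close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_upx_packed(data):
    """Stock UPX names its sections UPX0/UPX1 and writes a 'UPX!' marker.
    A modified UPX may rename both, so callers should also look at entropy."""
    names = pe_section_names(data)
    return any(n.startswith("UPX") for n in names) or b"UPX!" in data


def build_fake_pe(section_names):
    """Constructed test input: a bare MZ/PE skeleton with the given section names.
    SizeOfOptionalHeader is 0 here, which real binaries never have; the parser
    honours the field either way."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                    # e_lfanew -> right after DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x0102)
    sections = b"".join(n.encode().ljust(8, b"\0") + bytes(32) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + sections


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_fake_pe(["UPX0", "UPX1", ".rsrc"])
    print("hash match:", matches_report(blob))
    print("sections:", pe_section_names(blob))
    print("upx-like:", looks_upx_packed(blob), "entropy:", round(shannon_entropy(blob), 2))
```

Run it with the sample path as the first argument; with no argument it exercises the synthetic PE. A True from `looks_upx_packed` on a real file confirms the report's indicator; a False on a file with near-8.0 entropy is the "modified UPX" case the signature description allows for, and the section names should then be inspected by hand.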

MITRE ATT&CK Enterprise v15

Tasks