General
-
Target
89ba05dd82c47779436799efad2651f54e2823b0606a46e984ee7b17881c97c5.exe
-
Size
10.4MB
-
Sample
250202-fcxfgsxpcr
-
MD5
3b792b5759ac51415be1c8405d772ca9
-
SHA1
b26c53c4082a001a8cce1d7e1f0b7d9266f0e79a
-
SHA256
89ba05dd82c47779436799efad2651f54e2823b0606a46e984ee7b17881c97c5
-
SHA512
20ed824e46e460e853b3272bf7e3260ba481e13aa88dd38d3719e5ca6e4639954af4f23dbfde6e66e722e8fb5068756c1bb0c936e4506374a4a641a1323f0154
-
SSDEEP
196608:AaEXZUCVKZhHIHVJhnpT+IHKPmUU2R79xLkUav4utUcVvD4JTOBopmf5t:QZUCVh1Jhpq6cmUU2NnYpv9UcVvD4sog
Malware Config
Targets
-
-
Target
89ba05dd82c47779436799efad2651f54e2823b0606a46e984ee7b17881c97c5.exe
-
Size
10.4MB
-
MD5
3b792b5759ac51415be1c8405d772ca9
-
SHA1
b26c53c4082a001a8cce1d7e1f0b7d9266f0e79a
-
SHA256
89ba05dd82c47779436799efad2651f54e2823b0606a46e984ee7b17881c97c5
-
SHA512
20ed824e46e460e853b3272bf7e3260ba481e13aa88dd38d3719e5ca6e4639954af4f23dbfde6e66e722e8fb5068756c1bb0c936e4506374a4a641a1323f0154
-
SSDEEP
196608:AaEXZUCVKZhHIHVJhnpT+IHKPmUU2R79xLkUav4utUcVvD4JTOBopmf5t:QZUCVh1Jhpq6cmUU2NnYpv9UcVvD4sog
Score10/10-
RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
-
Rms family
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-