General
-
Target
467389d955368445c1c749556e894f918d193637df00f175c715ed2c9b5c2672.exe
-
Size
4.4MB
-
Sample
250323-jpz9paxqt8
-
MD5
78fe208105d90f83f43a0c07c6210541
-
SHA1
8ad19f227cf5e2e9f4ff6ef2a98735b43f328dd3
-
SHA256
467389d955368445c1c749556e894f918d193637df00f175c715ed2c9b5c2672
-
SHA512
dfaaacfa3a4c7ecca4581d24ec2a2ba6fbbd0218ff27c30f273b3cdc8a0cfc369d39b13e2e662ae3b36613765c844908e839c2f33a476ad4964e468ce8c08849
-
SSDEEP
98304:/4S1Gym+c3UILv5sUuGkz3RQ8Ke+OLFvMXhIHpxfs7:/4mG+ILvsGk9Q8tR9MXhy/s7
Malware Config
Targets
-
-
Target
467389d955368445c1c749556e894f918d193637df00f175c715ed2c9b5c2672.exe
-
Size
4.4MB
-
MD5
78fe208105d90f83f43a0c07c6210541
-
SHA1
8ad19f227cf5e2e9f4ff6ef2a98735b43f328dd3
-
SHA256
467389d955368445c1c749556e894f918d193637df00f175c715ed2c9b5c2672
-
SHA512
dfaaacfa3a4c7ecca4581d24ec2a2ba6fbbd0218ff27c30f273b3cdc8a0cfc369d39b13e2e662ae3b36613765c844908e839c2f33a476ad4964e468ce8c08849
-
SSDEEP
98304:/4S1Gym+c3UILv5sUuGkz3RQ8Ke+OLFvMXhIHpxfs7:/4mG+ILvsGk9Q8tR9MXhy/s7
Score10/10-
RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
-
Rms family
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-