General

  • Target

    add60c097af160c031723366a7b12482.exe

  • Size

    17.3MB

  • Sample

    250501-hzgpnagm9z

  • MD5

    add60c097af160c031723366a7b12482

  • SHA1

    5bffe268f0e2e45cb5328014f2ddee5c2c452dad

  • SHA256

    f797e90b43e7f78b5a775d4b0fb7204bef26772de0497e15d414590ab5cb5fa2

  • SHA512

    b88afe03e3790cf476c6c869996d40ae407babc4da1de3e8f4caef4d66d4ecf9de7e15dbb77955ff6b8a5c452d7a3fd82b602812b75c110a4d0c6688f2738a9d

  • SSDEEP

    393216:PMlUtFfHfygjacig0NmzOvny8ZO6bp2b6RWyRwyOozYhkhsnk6F:PyUPf/7jacizmKfhY6bpE8wyO0snkm

Targets

    • Target

      add60c097af160c031723366a7b12482.exe

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by the Russian organization TektonIT.

    • RMS family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified version of it.
