General

  • Target

    Remote_20230005.exe

  • Size

    11.1MB

  • Sample

    250502-cl9kmagq4v

  • MD5

    efc0c9ee9fb0ef617c3d8cb29a50c650

  • SHA1

    e84f0ba3f990560ae5ba860583c20c02b81a7165

  • SHA256

    e1f3bab1feda99d93daa4fd9bba80000aa4231d17d03b79db07b132b8c014c80

  • SHA512

    81cb184a62cb8375ea6c8f714a75e0e61a84d5b7d6a0552551fbabacb1b2eba71e8f30dc4488556942483f4c6055822a2e0436674539b16c0a6599b373669772

  • SSDEEP

    196608:blMR8+2bq8pGOiFXPcA0WwDQIdsAveFhFu0nD71d2BQfGTw:bcf2RGOyPcgQQCvezDnD71d8Kcw

Malware Config

Targets

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • Rms family

    • Adds Run key to start application

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v16

Tasks