Overview

overview

10

Static

static

3

2123428782...18.exe

windows7-x64

10

2123428782...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    21234287827ffaf9893ee26bb5904a1c_JaffaCakes118

  • Size

    5.7MB

  • Sample

    240329-nwyfwsgg42

  • MD5

    21234287827ffaf9893ee26bb5904a1c

  • SHA1

    4ce35b410b6a96f00ba57af75cc53a68f90dce3c

  • SHA256

    22ecf75f81c4e67a889f0f89adee960deb071e289b84c4cb6002d744b08f2492

  • SHA512

    2b045e24415958acf4ba33a4b5f986b17500189d6f5834c8bb73c0c7e86a52e14e4d8eb741ebb5dd61928f974f1e1a70469dfdfedd1dee2f76aa15a46b0d5ffb

  • SSDEEP

    98304:WfJoKl0OfMn3YpfkQ2MTRq0CXpBZWpnGm2m/O2cJNNaqfqUOclkN4HaXAVf:WfKKan4cQ2m40IpB4xGW2HNNaqiUBkaf

Score
10/10
rmsrattrojan

Malware Config

Targets

    • Target

      21234287827ffaf9893ee26bb5904a1c_JaffaCakes118

    • Size

      5.7MB

    • MD5

      21234287827ffaf9893ee26bb5904a1c

    • SHA1

      4ce35b410b6a96f00ba57af75cc53a68f90dce3c

    • SHA256

      22ecf75f81c4e67a889f0f89adee960deb071e289b84c4cb6002d744b08f2492

    • SHA512

      2b045e24415958acf4ba33a4b5f986b17500189d6f5834c8bb73c0c7e86a52e14e4d8eb741ebb5dd61928f974f1e1a70469dfdfedd1dee2f76aa15a46b0d5ffb

    • SSDEEP

      98304:WfJoKl0OfMn3YpfkQ2MTRq0CXpBZWpnGm2m/O2cJNNaqfqUOclkN4HaXAVf:WfKKan4cQ2m40IpB4xGW2HNNaqiUBkaf

    Score
    10/10
    rmsrattrojan

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

      trojanratrms

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks