rms | 5d4447c12af07349b13f38c6d0dd226915a27a7bba6aa40b7b65ea6a87e3a305 | Triage

Submit
Reports

Overview

overview

Static

static

3

e579348f0e...18.exe

windows7-x64

e579348f0e...18.exe

windows10-2004-x64

Sharing

General

Target

e579348f0efa5c965fa570e7da12d056_JaffaCakes118
Size

4.3MB
Sample

240407-v3a3hahh2z
MD5

e579348f0efa5c965fa570e7da12d056
SHA1

70faa1e256d616121141c073b3ec6443f9de469d
SHA256

5d4447c12af07349b13f38c6d0dd226915a27a7bba6aa40b7b65ea6a87e3a305
SHA512

100e266a4a297ecee254f0398ca9c717ac972b236e3165b1a9736c6da31cb39b2127979610f070766539b14f1701fa4fcc41248f95d71f5f8a4a995d18b84644
SSDEEP

98304:mOcd1iEPw3V56K3U9+JYhfF5kt03XzzO6bcSiUyo2GE:mO+QE2V5++JYASDzO6biz5GE

Score

10^/10

rms aspackv2 rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e579348f0efa5c965fa570e7da12d056_JaffaCakes118.exe

Resource

win7-20240221-en

rms aspackv2 rat trojan upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

e579348f0efa5c965fa570e7da12d056_JaffaCakes118.exe

Resource

win10v2004-20240226-en

rms aspackv2 rat trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  e579348f0efa5c965fa570e7da12d056_JaffaCakes118
- Size
  
  4.3MB
- MD5
  
  e579348f0efa5c965fa570e7da12d056
- SHA1
  
  70faa1e256d616121141c073b3ec6443f9de469d
- SHA256
  
  5d4447c12af07349b13f38c6d0dd226915a27a7bba6aa40b7b65ea6a87e3a305
- SHA512
  
  100e266a4a297ecee254f0398ca9c717ac972b236e3165b1a9736c6da31cb39b2127979610f070766539b14f1701fa4fcc41248f95d71f5f8a4a995d18b84644
- SSDEEP
  
  98304:mOcd1iEPw3V56K3U9+JYhfF5kt03XzzO6bcSiUyo2GE:mO+QE2V5++JYASDzO6biz5GE
Score

10^/10

rms aspackv2 rat trojan upx
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

rmsaspackv2rattrojanupx

behavioral2

rmsaspackv2rattrojanupx

© 2018-2024

Terms | Privacy