General

  • Target

    1d3927ab5a7bf751eefc87decf255df0_JaffaCakes118

  • Size

    4.8MB

  • Sample

    240506-s7vllagh4s

  • MD5

    1d3927ab5a7bf751eefc87decf255df0

  • SHA1

    1e91fead74385d5fd89f861d0cf2fafa58a3f22c

  • SHA256

    6ca850fac33082ef52cf2f7807f4a803f8bd226a3d3b69d67e3b341bbcf228ec

  • SHA512

    1e91a5cc937a920842078277a2d73d13133cdc7c007c1d8171f063217d94da87039d8df9d1b8fa448195426db1859e27a5adabc7c25bb5efa515452053cebf3c

  • SSDEEP

    98304:Q8sjk1jz8etZPOekUfZErJogi3SlcjOSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSvB:SjZQrDeSz3rI9a

  • Score

    10/10

Targets

    • Target

      1d3927ab5a7bf751eefc87decf255df0_JaffaCakes118

    • Size

      4.8MB

    • MD5

      1d3927ab5a7bf751eefc87decf255df0

    • SHA1

      1e91fead74385d5fd89f861d0cf2fafa58a3f22c

    • SHA256

      6ca850fac33082ef52cf2f7807f4a803f8bd226a3d3b69d67e3b341bbcf228ec

    • SHA512

      1e91a5cc937a920842078277a2d73d13133cdc7c007c1d8171f063217d94da87039d8df9d1b8fa448195426db1859e27a5adabc7c25bb5efa515452053cebf3c

    • SSDEEP

      98304:Q8sjk1jz8etZPOekUfZErJogi3SlcjOSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSvB:SjZQrDeSz3rI9a

    • Score

      10/10

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
