General

  • Target

    2f9dffa0fbcf7f0a855f8b06095feb55_JaffaCakes118

  • Size

    6.2MB

  • Sample

    240510-r1sb8aba6x

  • MD5

    2f9dffa0fbcf7f0a855f8b06095feb55

  • SHA1

    aac7d466f910a0f7faa13ef06b9f48fe185f4b2c

  • SHA256

    380a0d5b3d5ae9eb9a53cf5bb4fe1737de62020e4f0ec5f56ee601bf8a884d1b

  • SHA512

    22fec64fd0cda26b74d3da4fe92b69bd29e77200f8eb82bae658f7e442d09e365c17af215634fcda497a85db36c7f9aa0dad7de551351090f6509ed1f0e2d10b

  • SSDEEP

    196608:8+oCQEZSkSBVTQ1CRV/ZZVSMaJOiNfmyqf5BjCJOJSc8:8sQEZS21CR/8NuZ5BeJAC

Score
10/10

Targets

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by the Russian organization TektonIT.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
