General

  • Target

    424717cdcd467e3e1900559c94b0481e_JaffaCakes118

  • Size

    9.3MB

  • Sample

    240514-vn594afh46

  • MD5

    424717cdcd467e3e1900559c94b0481e

  • SHA1

    9b4db55f04ea33051822c41e1c3e1f759e4e098a

  • SHA256

    104555eaa2a56782c4357dc3150d865f8d89eeeb5d4933aebc3d7d3d4278bd12

  • SHA512

    15ae88bbe3aaaf4fb598fcbebedc2dc628c358e23f8904426f3c89e086c43549f002b6235247f7e6547d5e3e942e645bdace03f22795348f0a241c9d533bcd86

  • SSDEEP

    196608:IhXt/kweUhKEtRwMt+9BhOU0TLNCshGoYvyGP2ObvuQkuAg9Ec/Omj0xoNXS:U/VhKErw8mhB01NhGoI3WATEiOmjq

Score
10/10

Malware Config

Targets

    • Target

      agent.exe

    • Size

      9.6MB

    • MD5

      f318f33943ac090b9872a8ac4045bedf

    • SHA1

      974da2c9186ca7534a29c9f907cb910668368e5f

    • SHA256

      75fb9e1511f1005f07cd73c8cc836fcdecc645e4a633c48e7816958e7d792d25

    • SHA512

      3c46bf23c1ed51e5acada3f4abcf26199283b879d9da0b5ca9b7e4813084c048aade6378a0282ae4a3708b9fd5aef1dfddbdba476812a087bcadc455ebfc7bd2

    • SSDEEP

      196608:Ph8kqvWOgbU9z8PQ4EXqWkNGC/TkLZ04CTp2CKoojMHXF7lb5ryP1IPJ8czzT:Ph8/vW49zgQ4E6aykl04CkTMhDa+j

    Score
    10/10
    • RMS

Remote Manipulator System (RMS) is a remote access tool developed by the Russian organization TektonIT.

    • Checks computer location settings

Looks up the country code configured in the registry, most likely a geofence check so the sample only runs (or refuses to run) in certain locales.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

Detects executables packed with the open-source UPX packer, or with a modified UPX whose section names and markers have been altered.

    • Drops file in System32 directory
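The "Checks computer location settings" behaviour above is a registry lookup of the configured locale or country, and it is more interesting when the process doing it is one of the dropped executables. The following is an added example, not part of this report or of the sandbox's own signature logic: it runs a locale-lookup check over registry-read events and flags which processes performed them. The event lines are constructed for the example, the `pid|image|operation|key|value` format is an assumption, and the list of registry paths is the author's assumption of where Windows keeps locale and country settings (`HKCU\Control Panel\International`, its `Geo\Nation` value, and `HKLM\SYSTEM\CurrentControlSet\Control\Nls`).

```python
"""Added example: flag locale/country registry lookups (a geofence check) in
sandbox registry events. Not part of the original report; events are constructed."""
import re
from collections import defaultdict

# Assumption: registry paths that hold the configured locale / country.
LOCALE_KEYS = [
    re.compile(r"\\Control Panel\\International(\\|$)", re.I),   # Locale, LocaleName, sCountry, Geo\Nation
    re.compile(r"\\Control\\Nls\\(Language|Locale)(\\|$)", re.I),  # InstallLanguage, Default
]
HIVE_ALIASES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE",
                "HKU": "HKEY_USERS", "HKCR": "HKEY_CLASSES_ROOT"}
READ_OPS = {"regopenkey", "regqueryvalue"}


def normalise_key(key: str) -> str:
    """Expand abbreviated hive names so one pattern set matches either spelling."""
    hive, sep, rest = key.partition("\\")
    return HIVE_ALIASES.get(hive.upper(), hive.upper()) + sep + rest


def parse_event(line: str):
    """Constructed format: pid|image|operation|key|value (value may be empty)."""
    parts = line.rstrip("\n").split("|")
    if len(parts) != 5 or not parts[0].isdigit():
        return None
    pid, image, op, key, value = parts
    return {"pid": int(pid), "image": image, "op": op,
            "key": normalise_key(key), "value": value}


def is_locale_lookup(event: dict) -> bool:
    """A read of one of the locale/country keys (writes are not a geofence check)."""
    return event["op"].lower() in READ_OPS and any(p.search(event["key"]) for p in LOCALE_KEYS)


def find_geofence_candidates(lines, dropped_images=()) -> list:
    """Group locale lookups per process; mark processes whose image was a dropped file."""
    by_proc = defaultdict(set)
    for line in lines:
        ev = parse_event(line)
        if ev and is_locale_lookup(ev):
            what = ev["key"] + "\\" + ev["value"] if ev["value"] else ev["key"]
            by_proc[(ev["pid"], ev["image"])].add(what)
    dropped = {d.lower() for d in dropped_images}
    return [{"pid": pid, "image": image, "dropped": image.lower() in dropped,
             "lookups": sorted(keys)}
            for (pid, image), keys in sorted(by_proc.items())]


# Constructed events: a hypothetical dropped payload.exe reads locale keys, explorer.exe
# reads one legitimately, and an unrelated ProductName query must not match.
EVENTS = [
    r"4120|C:\Users\user\AppData\Local\Temp\payload.exe|RegOpenKey|HKCU\Control Panel\International|",
    r"4120|C:\Users\user\AppData\Local\Temp\payload.exe|RegQueryValue|HKCU\Control Panel\International|LocaleName",
    r"4120|C:\Users\user\AppData\Local\Temp\payload.exe|RegQueryValue|HKCU\Control Panel\International\Geo|Nation",
    r"4120|C:\Users\user\AppData\Local\Temp\payload.exe|RegQueryValue|HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language|InstallLanguage",
    r"4120|C:\Users\user\AppData\Local\Temp\payload.exe|RegQueryValue|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion|ProductName",
    r"4120|C:\Users\user\AppData\Local\Temp\payload.exe|RegSetValue|HKCU\Control Panel\International|sCountry",
    r"1324|C:\Windows\explorer.exe|RegQueryValue|HKU\S-1-5-21-1111-2222-3333-1001\Control Panel\International|sCountry",
]
DROPPED = [r"C:\Users\user\AppData\Local\Temp\payload.exe"]

if __name__ == "__main__":
    for hit in find_geofence_candidates(EVENTS, DROPPED):
        flag = "DROPPED " if hit["dropped"] else ""
        print(f"{flag}{hit['image']} (pid {hit['pid']}) read {len(hit['lookups'])} locale value(s)")
        for k in hit["lookups"]:
            print("   ", k)
```

Legitimate processes read these keys constantly, so the lookup alone is only a weak signal; the `dropped` flag is what makes a hit worth triaging, which is why the function takes the list of dropped images as input rather than alerting on every reader.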

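The "UPX packed file" signature above notes that a modified UPX may be used, in which case the tell-tale `UPX0`/`UPX1` section names are gone. The following added example (not code from this report or from the sandbox) shows the layered check a practitioner would apply: stock fingerprints (section names, the `UPX!` magic of the packer's `l_info` header) plus the structural signs that survive renaming, namely a first section with no raw data that serves as the unpack destination and a second section of near-maximal entropy. The PE images it analyses are constructed in memory by `build_pe`, an assumed minimal builder that populates only the header fields the detector reads; the `7.0` entropy threshold is likewise an assumption.

```python
"""Added example: heuristic UPX / modified-UPX detection from a PE section table
and per-section entropy. Not part of the original report; the PE images are constructed."""
import math
import struct

COFF_HEADER_SIZE = 24      # "PE\0\0" signature + 20-byte COFF file header
SECTION_HEADER_SIZE = 40
ENTROPY_THRESHOLD = 7.0    # assumption: bits/byte above which a section looks compressed/encrypted


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte; 8.0 means uniform, which is what compressed payloads look like."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(data: bytes) -> list:
    """Walk DOS header -> e_lfanew -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (num_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (size_opt,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + COFF_HEADER_SIZE + size_opt
    sections = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append({"name": name, "virtual_size": vsize, "raw_size": raw_size,
                         "data": data[raw_ptr:raw_ptr + raw_size] if raw_size else b""})
    return sections


def detect_upx(data: bytes) -> dict:
    """Combine stock UPX fingerprints with layout/entropy signs that survive modification."""
    sections = parse_sections(data)
    reasons = []
    if any(s["name"].startswith("UPX") for s in sections):
        reasons.append("UPX section names")
    if b"UPX!" in data:                      # l_info magic the stock packer leaves in the stub
        reasons.append("UPX! marker")
    # UPX layout: first section is the in-memory unpack destination (no bytes on disk),
    # second section carries the compressed payload plus the decompression stub.
    layout = (len(sections) >= 2 and sections[0]["raw_size"] == 0
              and sections[0]["virtual_size"] > 0 and sections[1]["raw_size"] > 0)
    if layout:
        reasons.append("first section has no raw data (unpack destination)")
    high = [s["name"] for s in sections
            if s["raw_size"] >= 256 and shannon_entropy(s["data"]) > ENTROPY_THRESHOLD]
    if high:
        reasons.append("high-entropy section(s): " + ", ".join(high))
    upx = "UPX section names" in reasons or "UPX! marker" in reasons
    return {"upx": upx,                                 # stock UPX fingerprints present
            "packed": upx or (layout and bool(high)),   # renamed/modified UPX still shows the layout
            "reasons": reasons}


def build_pe(sections) -> bytes:
    """Assumed minimal PE32 builder: [(name, virtual_size, raw_bytes), ...]. Only the
    fields parse_sections() reads are filled; the result is not a loadable executable."""
    file_align = 0x200
    def align(x):
        return (x + file_align - 1) // file_align * file_align
    e_lfanew, size_opt = 0x40, 0xE0
    headers_end = e_lfanew + COFF_HEADER_SIZE + size_opt + SECTION_HEADER_SIZE * len(sections)
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, size_opt, 0x102)
    opt = b"\x0b\x01" + bytes(size_opt - 2)            # PE32 magic, remaining fields zero
    table, body = bytearray(), bytearray()
    raw_ptr, vaddr = align(headers_end), 0x1000
    for name, vsize, raw in sections:
        table += (name.encode().ljust(8, b"\0")
                  + struct.pack("<IIII", vsize, vaddr, len(raw), raw_ptr if raw else 0) + bytes(16))
        if raw:
            body += raw.ljust(align(len(raw)), b"\0")
            raw_ptr += align(len(raw))
        vaddr += align(max(vsize, 1))
    return bytes((dos + coff + opt + table).ljust(align(headers_end), b"\0") + body)


HIGH_ENTROPY = bytes(range(256)) * 16    # exactly 8.0 bits/byte, stands in for compressed data

STOCK_UPX = build_pe([("UPX0", 0x20000, b""),                        # unpack destination
                      ("UPX1", 0x1100, b"UPX!" + HIGH_ENTROPY),      # payload + stub with magic
                      (".rsrc", 0x100, bytes(64))])
MODIFIED_UPX = build_pe([(".code", 0x20000, b""),                    # names changed, magic removed
                         (".data", 0x1100, HIGH_ENTROPY),
                         (".rsrc", 0x100, bytes(64))])
PLAIN_PE = build_pe([(".text", 0x400, b"\x55\x8b\xec" * 400),        # repetitive code, low entropy
                     (".data", 0x100, bytes(64))])

if __name__ == "__main__":
    for label, img in (("stock UPX", STOCK_UPX), ("modified UPX", MODIFIED_UPX), ("plain", PLAIN_PE)):
        print(f"{label:13s} {detect_upx(img)}")
```

Against a real sample the same `detect_upx` is called on the file bytes; the `upx` flag says whether the stock fingerprints are present, while `packed` also fires on the renamed variant, which is the case this signature's "modified UPX" wording is about.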
MITRE ATT&CK Enterprise v15

Tasks