rms

General

Target

7d6402b5f19f6a84ac471edbe9c21bdf_JaffaCakes118
Size

4.5MB
Sample

240528-sfdtrsah26
MD5

7d6402b5f19f6a84ac471edbe9c21bdf
SHA1

39394206c4fb590e4dffc200ce71e73d373a7af4
SHA256

2834f08114dd9a0583deb4d44ed36b6bf914d26cb9482c99cbed6e1c5dc4aa83
SHA512

d16f031b5204d2ea8345867d11767ccc5d10ef17f1249ef721237440b349a5c853fecd2c53eac8a0a3c1c415aaeb1e33b41a904299bd744d8f21ae3f250dbb9f
SSDEEP

98304:HKF7KQF1iEaGzM038RzYf0ML2x5tTDaLclizt5CK:HS7KQrLM/RzYI7Da4IF

Score

10^/10

Malware Config

Targets

- Target
  
  7d6402b5f19f6a84ac471edbe9c21bdf_JaffaCakes118
- Size
  
  4.5MB
- MD5
  
  7d6402b5f19f6a84ac471edbe9c21bdf
- SHA1
  
  39394206c4fb590e4dffc200ce71e73d373a7af4
- SHA256
  
  2834f08114dd9a0583deb4d44ed36b6bf914d26cb9482c99cbed6e1c5dc4aa83
- SHA512
  
  d16f031b5204d2ea8345867d11767ccc5d10ef17f1249ef721237440b349a5c853fecd2c53eac8a0a3c1c415aaeb1e33b41a904299bd744d8f21ae3f250dbb9f
- SSDEEP
  
  98304:HKF7KQF1iEaGzM038RzYf0ML2x5tTDaLclizt5CK:HS7KQrLM/RzYI7Da4IF
Score

10^/10

rms aspackv2 evasion rat trojan upx
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

2

T1564

Hidden Files and Directories

2

T1564.001

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Sets file to hidden

ACProtect 1.3x - 1.4x DLL software

ASPack v2.12-2.42

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2