General

  • Target

    87c178909c60f42c73b7bdf16363112b_JaffaCakes118

  • Size

    4.5MB

  • Sample

    240531-vzl1lafh63

  • MD5

    87c178909c60f42c73b7bdf16363112b

  • SHA1

    d3b814dd306b5bd180a5f7c2ec529ec2310eaf7e

  • SHA256

    409ae5318680c727dd3c22ccffb9be5ce959e1763360272e7357812c46c6591a

  • SHA512

    809f8f9c0c4dcc5a75b00efed6f37c46f64816d72472ab8b9138ec8cc6dd2cf28569c4fdcd0dff0f35bc65adef15e728e4d5f750516ee70d9bad434a02cd8948

  • SSDEEP

    98304:Vs2AhwkGMEOOgkOajllnEOUxjNRDBcFEyftigCgox:VVAWfOSlp9SDBWfMgCga

Score
10/10

Targets

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by the Russian organization TektonIT.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
