rms | 8f4d63fea00eca6d91147de6a10b7aae6069f164ef00d5986eff571249552dae | Triage

Sharing

General

Target

27330ccbfadf5f57b8a6f5bcdbbb1e20_JaffaCakes118
Size

4.1MB
Sample

240705-3cbv4syepn
MD5

27330ccbfadf5f57b8a6f5bcdbbb1e20
SHA1

1117014392eb828a23d5f10506718852fc223639
SHA256

8f4d63fea00eca6d91147de6a10b7aae6069f164ef00d5986eff571249552dae
SHA512

adfbb5240ca376dc93e9bf5bca21d95b81145248ca083d8c693873079a535ec56a56567e65f68037195f0f6fb3d1e3dcad60f82aa4f9fc2c5bc10ed4e2198c59
SSDEEP

98304:6IaFJCkLoC4oarYbdu9x6MXDWVJziOSPedWbBziWr:6IaFJBM+bIv6cipkZl1

Score

10^/10

rms rat trojan

Malware Config

Targets

- Target
  
  27330ccbfadf5f57b8a6f5bcdbbb1e20_JaffaCakes118
- Size
  
  4.1MB
- MD5
  
  27330ccbfadf5f57b8a6f5bcdbbb1e20
- SHA1
  
  1117014392eb828a23d5f10506718852fc223639
- SHA256
  
  8f4d63fea00eca6d91147de6a10b7aae6069f164ef00d5986eff571249552dae
- SHA512
  
  adfbb5240ca376dc93e9bf5bca21d95b81145248ca083d8c693873079a535ec56a56567e65f68037195f0f6fb3d1e3dcad60f82aa4f9fc2c5bc10ed4e2198c59
- SSDEEP
  
  98304:6IaFJCkLoC4oarYbdu9x6MXDWVJziOSPedWbBziWr:6IaFJBM+bIv6cipkZl1
Score

10^/10

rms rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/NSISList.dll
- Size
  
  105KB
- MD5
  
  4b0617493f32b2b5fe5e838eeb885819
- SHA1
  
  336e84380420a9caaa9c12af7c8e530135e63c57
- SHA256
  
  df3621f83e9d11be45e0e617b899c4ab0241f60ed56494e892dc449482058402
- SHA512
  
  5c50cf97cd9a6c699ec7928a08f77f4eaa68105e87a974432e39b637f926f0df8a95ec19bd63465fc438a4ef6349398938bc8d7651de125d13ccab89d1d49143
- SSDEEP
  
  3072:NIgAGTHvtyzvUnB26s2oZtX0Uzi/t6zhy9:ygAuvtRno30V/t6z
Score

1^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  8cf2ac271d7679b1d68eefc1ae0c5618
- SHA1
  
  7cc1caaa747ee16dc894a600a4256f64fa65a9b8
- SHA256
  
  6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba
- SHA512
  
  ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3
- SSDEEP
  
  192:BenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XB9IwL:B8+Qlt70Fj/lQRY/9VjjlL
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  7KB
- MD5
  
  f27689c513e7d12c7c974d5f8ef710d6
- SHA1
  
  e305f2a2898d765a64c82c449dfb528665b4a892
- SHA256
  
  1f18f4126124b0551f3dbcd0fec7f34026f930ca509f04435657cedc32ae8c47
- SHA512
  
  734e9f3989ee47a86bee16838df7a09353c7fe085a09d77e70d281b21c5477b0b061616e72e8ac8fcb3dda1df0d5152f54dcc4c5a77f90fbf0f857557bf02fbc
- SSDEEP
  
  96:JpmkmwmHDPVhklfSoRPB+YSvWvZckH69MSz00vQFHhAVvSGYuHnUNy2DCP:J+PVhYfSokvW2CsQFBAVaGdHnUNR
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/nsProcess.dll
- Size
  
  4KB
- MD5
  
  f0438a894f3a7e01a4aae8d1b5dd0289
- SHA1
  
  b058e3fcfb7b550041da16bf10d8837024c38bf6
- SHA256
  
  30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
- SHA512
  
  f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7
- SSDEEP
  
  48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/registry.dll
- Size
  
  24KB
- MD5
  
  2b7007ed0262ca02ef69d8990815cbeb
- SHA1
  
  2eabe4f755213666dbbbde024a5235ddde02b47f
- SHA256
  
  0b25b20f26de5d5bd795f934c70447112b4981343fcb2dfab3374a4018d28c2d
- SHA512
  
  aa75ee59ca0b8530eb7298b74e5f334ae9d14129f603b285a3170b82103cfdcc175af8185317e6207142517769e69a24b34fcdf0f58ed50a4960cbe8c22a0aca
- SSDEEP
  
  384:W2mvyNjH3rPnAZ4wu2QbnC7qB7PnrvScaeYA4CIDEge/QqL2AQ:/75w/OfrzB4CUxuQfA
Score

3^/10
behavioral11 behavioral12
- Target
  
  $_1_/emperor.exe
- Size
  
  11.2MB
- MD5
  
  4912f4062c8f32f2bc19a9866b11b4b6
- SHA1
  
  7162ef0c1286f358a755d481cc08ffe720ae0b5e
- SHA256
  
  38c164ea976d3e5da89243559a1b28aed2afc6e4a29a60e8bd6e4c1cfbbf3511
- SHA512
  
  98301542f398f99fd6ab6539d42cb41aca0b5c3f00357ce7dcdfce67a2a1dbf664886bdf97503201391e23ac127e1541654f4bb4ed6b833edfdc42a3038887ed
- SSDEEP
  
  98304:16OwlI2RKvm132+y6g270DNGyTuE+62IkYePy456ZGXrX+3ZYOx5nPtc:T6fRKvm13Tyo0DNwb6ZGL+Jvx5nlc
Score

10^/10

rms rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral13 behavioral14
- Target
  
  $_1_/libeay32.dll
- Size
  
  1.3MB
- MD5
  
  4cb2e1b9294ddae1bf7dcaaf42b365d1
- SHA1
  
  a225f53a8403d9b73d77bcbb075194520cce5a14
- SHA256
  
  a8124500cae0aba3411428c2c6df2762ea11cc11c312abed415d3f3667eb6884
- SHA512
  
  46cf4abf9121c865c725ca159df71066e0662595915d653914e4ec047f94e2ab3823f85c9e0e0c1311304c460c90224bd3141da62091c733dcaa5dccf64c04bb
- SSDEEP
  
  24576:VD8B+KpPexB6mqwktXUcAVEaFQXhL0porIqo+Frzba:WKkmlktXUcAVEDhQporIqo+Frzba
Score

1^/10
behavioral15 behavioral16
- Target
  
  $_1_/ssleay32.dll
- Size
  
  337KB
- MD5
  
  5c268ca919854fc22d85f916d102ee7f
- SHA1
  
  0957cf86e0334673eb45945985b5c033b412be0e
- SHA256
  
  1f4b3efc919af1106f348662ee9ad95ab019058ff502e3d68e1b5f7abff91b56
- SHA512
  
  76d0abad1d7d0856ec1b8e598b05a2a6eece220ea39d74e7f6278a4219e22c75b7f618160ce41810daa57d5d4d534afd78f5cc1bd6de927dbb6a551aca2f8310
- SSDEEP
  
  6144:8EXfWSXFKIsrpivdM+kPsmWak8dfthPDP0wrE90k7DUT/NaDB7JlwScihgbX5/GU:8EXfWSVKIsrpivdM+msmWak8dfnPDPPz
Score

1^/10
behavioral17 behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18