rms | 8cac57fe99b554f1333421d66088f330715ba06900613d40fb0cfdf180afcfe2 | Triage

Submit
Reports

Overview

overview

Static

static

7

6937dfddb0...18.exe

windows7-x64

6937dfddb0...18.exe

windows10-2004-x64

Sharing

General

Target

6937dfddb0cd7f3e2726bca7d92d9ba8_JaffaCakes118
Size

2.4MB
Sample

240723-2gxspswarh
MD5

6937dfddb0cd7f3e2726bca7d92d9ba8
SHA1

fa3b2f995c9f4bfa33d43d954e64fa494d163ca8
SHA256

8cac57fe99b554f1333421d66088f330715ba06900613d40fb0cfdf180afcfe2
SHA512

501f48a355faafb9c5898b46b2b70d0a5f250593c63a2e29f0626894cdee5c67740048e9ca9f7801d8900132bcba44b9ac1b1c483536f3651685838449b98ad0
SSDEEP

49152:Is1stZLse/u2xCWiduW1U61GtF4x9S+cV4ubH86JW:Pise/umJhWaHGx9AVlrW

Score

10^/10

rms discovery persistence rat trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

6937dfddb0cd7f3e2726bca7d92d9ba8_JaffaCakes118.exe

Resource

win7-20240704-en

rms discovery persistence rat trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

6937dfddb0cd7f3e2726bca7d92d9ba8_JaffaCakes118.exe

Resource

win10v2004-20240709-en

rms discovery persistence rat trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  6937dfddb0cd7f3e2726bca7d92d9ba8_JaffaCakes118
- Size
  
  2.4MB
- MD5
  
  6937dfddb0cd7f3e2726bca7d92d9ba8
- SHA1
  
  fa3b2f995c9f4bfa33d43d954e64fa494d163ca8
- SHA256
  
  8cac57fe99b554f1333421d66088f330715ba06900613d40fb0cfdf180afcfe2
- SHA512
  
  501f48a355faafb9c5898b46b2b70d0a5f250593c63a2e29f0626894cdee5c67740048e9ca9f7801d8900132bcba44b9ac1b1c483536f3651685838449b98ad0
- SSDEEP
  
  49152:Is1stZLse/u2xCWiduW1U61GtF4x9S+cV4ubH86JW:Pise/umJhWaHGx9AVlrW
Score

10^/10

rms discovery persistence rat trojan upx
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsdiscoverypersistencerattrojanupx

behavioral2

rmsdiscoverypersistencerattrojanupx

© 2018-2024

Terms | Privacy