rms | d3a32569a3a7a940b94ea29e963643adf9a15308c5b2074a11d29fbb5ff27fec | Triage

Submit
Reports

Overview

overview

Static

static

3

723a7e3f2a...18.exe

windows7-x64

723a7e3f2a...18.exe

windows10-2004-x64

Sharing

General

Target

723a7e3f2a293f526c2574cfad06b72b_JaffaCakes118
Size

5.0MB
Sample

240726-csqq4azgpk
MD5

723a7e3f2a293f526c2574cfad06b72b
SHA1

54c9a81aa53962beb066402e63464f7b18d34273
SHA256

d3a32569a3a7a940b94ea29e963643adf9a15308c5b2074a11d29fbb5ff27fec
SHA512

a4183af1435af07da77d96ca992190d06d5c5bda37528a5c5a4aeb811aedaa6c26ebaa7d26347d066d92ce60f11e2c893b5ed0526e71daebd8d65aca2afdc70b
SSDEEP

98304:YogY3IgMAk7BepFZXiWDoFA9hvfbDU+epbQ9DgG6O2kF2KaQ+02usPfdN:YS3IRRwp/Xi+KAjffU+epbytUkF9aQ+V

Score

10^/10

rms discovery rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

723a7e3f2a293f526c2574cfad06b72b_JaffaCakes118.exe

Resource

win7-20240708-en

rms discovery rat trojan

windows7-x64

22 signatures

150 seconds

Behavioral task

behavioral2

Sample

723a7e3f2a293f526c2574cfad06b72b_JaffaCakes118.exe

Resource

win10v2004-20240709-en

rms discovery rat trojan

windows10-2004-x64

24 signatures

150 seconds

Malware Config

Targets

- Target
  
  723a7e3f2a293f526c2574cfad06b72b_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  723a7e3f2a293f526c2574cfad06b72b
- SHA1
  
  54c9a81aa53962beb066402e63464f7b18d34273
- SHA256
  
  d3a32569a3a7a940b94ea29e963643adf9a15308c5b2074a11d29fbb5ff27fec
- SHA512
  
  a4183af1435af07da77d96ca992190d06d5c5bda37528a5c5a4aeb811aedaa6c26ebaa7d26347d066d92ce60f11e2c893b5ed0526e71daebd8d65aca2afdc70b
- SSDEEP
  
  98304:YogY3IgMAk7BepFZXiWDoFA9hvfbDU+epbQ9DgG6O2kF2KaQ+02usPfdN:YS3IRRwp/Xi+KAjffU+epbytUkF9aQ+V
Score

10^/10

rms discovery rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsdiscoveryrattrojan

behavioral2

rmsdiscoveryrattrojan

© 2018-2024

Terms | Privacy