General
-
Target
160149ffe7de385c711f621e2a8539c1_JaffaCakes118
-
Size
4.5MB
-
Sample
240728-m5p1faxele
-
MD5
160149ffe7de385c711f621e2a8539c1
-
SHA1
06cc191aa38cedbf4c35f3f7359127e53caca1fd
-
SHA256
1dbf988be32a5b726b64471a3eda92d7c8bb40414c53a6f8f5b2382ddd42ac56
-
SHA512
6770440accb6ef6a38105a9c411892f02657006725cb2e5abb7946ffe3a06c50a0487e4afceb64df804e76c0ab019114845042e8a00469bb70b2056ee4f005d2
-
SSDEEP
98304:HKF7KQF1iEaGzM038RzYf0ML2x5tTDaLclizt5C2:HS7KQrLM/RzYI7Da4IB
Malware Config
Targets
-
-
Target
160149ffe7de385c711f621e2a8539c1_JaffaCakes118
-
Size
4.5MB
-
MD5
160149ffe7de385c711f621e2a8539c1
-
SHA1
06cc191aa38cedbf4c35f3f7359127e53caca1fd
-
SHA256
1dbf988be32a5b726b64471a3eda92d7c8bb40414c53a6f8f5b2382ddd42ac56
-
SHA512
6770440accb6ef6a38105a9c411892f02657006725cb2e5abb7946ffe3a06c50a0487e4afceb64df804e76c0ab019114845042e8a00469bb70b2056ee4f005d2
-
SSDEEP
98304:HKF7KQF1iEaGzM038RzYf0ML2x5tTDaLclizt5C2:HS7KQrLM/RzYI7Da4IB
Score10/10-
RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-