General
-
Target
88d486373f3a8a2cafabaf9b4d2d5249_JaffaCakes118
-
Size
5.6MB
-
Sample
240811-d26dksxcmh
-
MD5
88d486373f3a8a2cafabaf9b4d2d5249
-
SHA1
746047d4cf8b304cea2bc0dcfcc29b630fdcaae1
-
SHA256
4434da52be03e1aab6dfea806a29a1adf6d413779375c616193fbe7c6b40c63c
-
SHA512
d481781cfb9dc516d30dd46786ccb227ebefcfada3b42a915de9170384007da9ce50d4634ac6fa9a7983fb6cb1aac3b839e189be0056356583c7ad445ab2e331
-
SSDEEP
98304:n3JjeVE63WQbNYt7DKDKsOzPsLVYmtAdN1AAbMoxTakNTllwmEI8+kgRN:n3JyVlWQb6+DKDahSfb9xe0lV8tgv
Malware Config
Targets
-
-
Target
88d486373f3a8a2cafabaf9b4d2d5249_JaffaCakes118
-
Size
5.6MB
-
MD5
88d486373f3a8a2cafabaf9b4d2d5249
-
SHA1
746047d4cf8b304cea2bc0dcfcc29b630fdcaae1
-
SHA256
4434da52be03e1aab6dfea806a29a1adf6d413779375c616193fbe7c6b40c63c
-
SHA512
d481781cfb9dc516d30dd46786ccb227ebefcfada3b42a915de9170384007da9ce50d4634ac6fa9a7983fb6cb1aac3b839e189be0056356583c7ad445ab2e331
-
SSDEEP
98304:n3JjeVE63WQbNYt7DKDKsOzPsLVYmtAdN1AAbMoxTakNTllwmEI8+kgRN:n3JyVlWQb6+DKDahSfb9xe0lV8tgv
Score10/10-
RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-