General
-
Target
c2e68d0204a75aa1f1f0615ec8883a67_JaffaCakes118
-
Size
4.5MB
-
Sample
240826-nl46pasfjr
-
MD5
c2e68d0204a75aa1f1f0615ec8883a67
-
SHA1
847dc490286760dd92fa8b95946c283ff4b0032e
-
SHA256
a151e201eef789f2f07854f967286de25a1ceeef7657e0c5e6b655af12e23ca5
-
SHA512
3653a2eb66c8a96905d223a7ec7d7e997fb3bcfa2cd626a05e12ee2a23b7bfa1ef89dc9205934c38e47e58030d0318e063fe8ce806cb2397f7bec78428508b39
-
SSDEEP
98304:HKF7KQF1iEaGzM038RzYf0ML2x5tTDaLclizt5C1:HS7KQrLM/RzYI7Da4Im
Malware Config
Targets
-
-
Target
c2e68d0204a75aa1f1f0615ec8883a67_JaffaCakes118
-
Size
4.5MB
-
MD5
c2e68d0204a75aa1f1f0615ec8883a67
-
SHA1
847dc490286760dd92fa8b95946c283ff4b0032e
-
SHA256
a151e201eef789f2f07854f967286de25a1ceeef7657e0c5e6b655af12e23ca5
-
SHA512
3653a2eb66c8a96905d223a7ec7d7e997fb3bcfa2cd626a05e12ee2a23b7bfa1ef89dc9205934c38e47e58030d0318e063fe8ce806cb2397f7bec78428508b39
-
SSDEEP
98304:HKF7KQF1iEaGzM038RzYf0ML2x5tTDaLclizt5C1:HS7KQrLM/RzYI7Da4Im
Score10/10-
RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-