rms | 45286d2370fe25ea8420ef92e566f20306b2e64ef6acc81a6959b184012c9a8e | Triage

Submit
Reports

Overview

overview

Static

static

3

d24781ae13...18.exe

windows7-x64

d24781ae13...18.exe

windows10-2004-x64

Sharing

General

Target

d24781ae13182fe929d8321e621ce370_JaffaCakes118
Size

14.8MB
Sample

240907-s5xceatbjh
MD5

d24781ae13182fe929d8321e621ce370
SHA1

b95cfb6a3b2c194babca769633394eb95cc0fa06
SHA256

45286d2370fe25ea8420ef92e566f20306b2e64ef6acc81a6959b184012c9a8e
SHA512

526fe44c7e24c6d286949dff33d3990aa9ba739f0e7ef7ce4be5cceb0945a0903e4062451223215d4e8ba6e50496024ec7281aaaf8647d725984424922b26f99
SSDEEP

393216:TjLZjiU1lUKyYE2qJc2GONB2amSNJir9:MAv

Score

10^/10

rms discovery rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d24781ae13182fe929d8321e621ce370_JaffaCakes118.exe

Resource

win7-20240903-en

rms discovery rat trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

d24781ae13182fe929d8321e621ce370_JaffaCakes118.exe

Resource

win10v2004-20240802-en

rms discovery rat trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  d24781ae13182fe929d8321e621ce370_JaffaCakes118
- Size
  
  14.8MB
- MD5
  
  d24781ae13182fe929d8321e621ce370
- SHA1
  
  b95cfb6a3b2c194babca769633394eb95cc0fa06
- SHA256
  
  45286d2370fe25ea8420ef92e566f20306b2e64ef6acc81a6959b184012c9a8e
- SHA512
  
  526fe44c7e24c6d286949dff33d3990aa9ba739f0e7ef7ce4be5cceb0945a0903e4062451223215d4e8ba6e50496024ec7281aaaf8647d725984424922b26f99
- SSDEEP
  
  393216:TjLZjiU1lUKyYE2qJc2GONB2amSNJir9:MAv
Score

10^/10

rms discovery rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsdiscoveryrattrojan

behavioral2

rmsdiscoveryrattrojan

© 2018-2024

Terms | Privacy