General
-
Target
dd17008c9c50c7fb75c0d56312a869cd_JaffaCakes118
-
Size
5.3MB
-
Sample
240912-1ew8qawgnh
-
MD5
dd17008c9c50c7fb75c0d56312a869cd
-
SHA1
9ee74243ecc8652657ba4800a05132d5d86793ad
-
SHA256
e8883266ae372bf622bf81e32e1c4f2432a3b8619c8d42e6478788e66e3df189
-
SHA512
82df03c5da7ea1ce660533ac92404604eb1a71674c075361688a5d99b9addb3fba3fd1be44b0218c30946136d74dfa212a5e306f6e17cfb855752c672317ae80
-
SSDEEP
98304:CB3g+7KYMB8a7tCPK6w/UWaLEexs9aFczWHEYmffVplU:CBQuKYMNoK6w/uQQDFczbYm1A
Malware Config
Targets
-
-
Target
dd17008c9c50c7fb75c0d56312a869cd_JaffaCakes118
-
Size
5.3MB
-
MD5
dd17008c9c50c7fb75c0d56312a869cd
-
SHA1
9ee74243ecc8652657ba4800a05132d5d86793ad
-
SHA256
e8883266ae372bf622bf81e32e1c4f2432a3b8619c8d42e6478788e66e3df189
-
SHA512
82df03c5da7ea1ce660533ac92404604eb1a71674c075361688a5d99b9addb3fba3fd1be44b0218c30946136d74dfa212a5e306f6e17cfb855752c672317ae80
-
SSDEEP
98304:CB3g+7KYMB8a7tCPK6w/UWaLEexs9aFczWHEYmffVplU:CBQuKYMNoK6w/uQQDFczbYm1A
Score10/10-
RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-