General
-
Target
de2a25f8ead1eab33b2648789c06531f_JaffaCakes118
-
Size
4.5MB
-
Sample
240913-lvp21swhkj
-
MD5
de2a25f8ead1eab33b2648789c06531f
-
SHA1
24da52206a2b4a09ef84da764cd4550e5ffb7cec
-
SHA256
793135f920a0b239cff6880c6d9b939a5e2f26e11c063ce1b3b1f35c30e27aff
-
SHA512
63f5c043a8128bb406cc67bf5329d61f7eb21c9052deddb143badb2fd830565635e4738cce80190766a8f914ca0f3265818e3985967b3033d9668c29dd1f8ea0
-
SSDEEP
98304:HKF7KQF1iEaGzM038RzYf0ML2x5tTDaLclizt5CJ:HS7KQrLM/RzYI7Da4Ic
Malware Config
Targets
-
-
Target
de2a25f8ead1eab33b2648789c06531f_JaffaCakes118
-
Size
4.5MB
-
MD5
de2a25f8ead1eab33b2648789c06531f
-
SHA1
24da52206a2b4a09ef84da764cd4550e5ffb7cec
-
SHA256
793135f920a0b239cff6880c6d9b939a5e2f26e11c063ce1b3b1f35c30e27aff
-
SHA512
63f5c043a8128bb406cc67bf5329d61f7eb21c9052deddb143badb2fd830565635e4738cce80190766a8f914ca0f3265818e3985967b3033d9668c29dd1f8ea0
-
SSDEEP
98304:HKF7KQF1iEaGzM038RzYf0ML2x5tTDaLclizt5CJ:HS7KQrLM/RzYI7Da4Ic
Score10/10-
RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-