rms | 8a239323b3ab342bf8ddbe48cf5c85e03d685c607dcdbc7dc5d496de44b2c14b | Triage

Submit
Reports

Overview

overview

Static

static

3

05ee4fe766...18.exe

windows7-x64

05ee4fe766...18.exe

windows10-2004-x64

Sharing

General

Target

05ee4fe7668234dd91047f55a4dfa83f_JaffaCakes118
Size

7.3MB
Sample

241001-qcz7gsvdmg
MD5

05ee4fe7668234dd91047f55a4dfa83f
SHA1

a0161d4e01303f9a8e9e713d2442d0bb6adcf6d4
SHA256

8a239323b3ab342bf8ddbe48cf5c85e03d685c607dcdbc7dc5d496de44b2c14b
SHA512

63f55da3c3f57a427b848473777f095ff48238c4bead145ba70c2e2168bcd3ac0c0df75bf024219313d8991b42ff6fae597c7eafd5dddb2b026c5d7edb5c9ea0
SSDEEP

196608:fdca2q5U/hw0W0OBSSUpq+yLv5xeHsWz+UO+tM5FqX:fdcaFchwX0G+ORxgskFq8X

Score

10^/10

rms discovery rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

05ee4fe7668234dd91047f55a4dfa83f_JaffaCakes118.exe

Resource

win7-20240903-en

rms discovery rat trojan

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

05ee4fe7668234dd91047f55a4dfa83f_JaffaCakes118.exe

Resource

win10v2004-20240802-en

rms discovery rat trojan

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Targets

- Target
  
  05ee4fe7668234dd91047f55a4dfa83f_JaffaCakes118
- Size
  
  7.3MB
- MD5
  
  05ee4fe7668234dd91047f55a4dfa83f
- SHA1
  
  a0161d4e01303f9a8e9e713d2442d0bb6adcf6d4
- SHA256
  
  8a239323b3ab342bf8ddbe48cf5c85e03d685c607dcdbc7dc5d496de44b2c14b
- SHA512
  
  63f55da3c3f57a427b848473777f095ff48238c4bead145ba70c2e2168bcd3ac0c0df75bf024219313d8991b42ff6fae597c7eafd5dddb2b026c5d7edb5c9ea0
- SSDEEP
  
  196608:fdca2q5U/hw0W0OBSSUpq+yLv5xeHsWz+UO+tM5FqX:fdcaFchwX0G+ORxgskFq8X
Score

10^/10

rms discovery rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsdiscoveryrattrojan

behavioral2

rmsdiscoveryrattrojan

© 2018-2024

Terms | Privacy