rms | d0d8a654babd62cd2520aa253c985da6881d61596ede83c07cb0b3a64db2b974 | Triage

Submit
Reports

Overview

overview

Static

static

3

091514afc2...18.exe

windows7-x64

091514afc2...18.exe

windows10-2004-x64

Sharing

General

Target

091514afc2cc22adc585d371023168e0_JaffaCakes118
Size

7.8MB
Sample

241002-f2kszsygkr
MD5

091514afc2cc22adc585d371023168e0
SHA1

0d78ec5778da2c23a98088c32a7a0e5eae623378
SHA256

d0d8a654babd62cd2520aa253c985da6881d61596ede83c07cb0b3a64db2b974
SHA512

1e6495d2b88af9eec27c2616186cdbd6e9ed36985e3ba930ddb0ca3b3680f4e1a78c8bb12605a61ae691bf27d5bbea6e2e73a06f8cd5a158a3e9e72b8887ddd9
SSDEEP

196608:X4XPVswZNIDXizs5zE2Ont7Z8u7LVkjKdDCwF/:I75qg5nv57LajKdWy

Score

10^/10

rms discovery evasion rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

091514afc2cc22adc585d371023168e0_JaffaCakes118.exe

Resource

win7-20240708-en

rms discovery evasion rat trojan

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

091514afc2cc22adc585d371023168e0_JaffaCakes118.exe

Resource

win10v2004-20240802-en

rms discovery evasion rat trojan

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  091514afc2cc22adc585d371023168e0_JaffaCakes118
- Size
  
  7.8MB
- MD5
  
  091514afc2cc22adc585d371023168e0
- SHA1
  
  0d78ec5778da2c23a98088c32a7a0e5eae623378
- SHA256
  
  d0d8a654babd62cd2520aa253c985da6881d61596ede83c07cb0b3a64db2b974
- SHA512
  
  1e6495d2b88af9eec27c2616186cdbd6e9ed36985e3ba930ddb0ca3b3680f4e1a78c8bb12605a61ae691bf27d5bbea6e2e73a06f8cd5a158a3e9e72b8887ddd9
- SSDEEP
  
  196608:X4XPVswZNIDXizs5zE2Ont7Z8u7LVkjKdDCwF/:I75qg5nv57LajKdWy
Score

10^/10

rms discovery evasion rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsdiscoveryevasionrattrojan

behavioral2

rmsdiscoveryevasionrattrojan

© 2018-2025

Terms | Privacy