General

  • Target

    f6665ffcda974dd32f3ee0b6b803fd34_JaffaCakes118

  • Size

    1.7MB

  • Sample

    241216-aly3satqds

  • MD5

    f6665ffcda974dd32f3ee0b6b803fd34

  • SHA1

    c03501cfe0652b14f0f5d4cea6ba47f00795c6b2

  • SHA256

    7c2bb2e0ba7a643d2c39eea01a117edde0ebc23f42ca538030435305bb40035d

  • SHA512

    d4c9bdb721502bafb4f063a6e6753fb83aee80ec1c2ef21cee503467257699d4dd2893a184204dcf69ca44267b634bee5557f24609f59a776627c6ecb3329489

  • SSDEEP

    49152:QAJYXsQRx/EJUx6orYHmVW3TBtRaFvPpVHBbpQl:7JYXsQRx/Eux6or3ZvxVHBNQl

Malware Config

Targets

    • Target

      f6665ffcda974dd32f3ee0b6b803fd34_JaffaCakes118

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by the Russian company TektonIT.

    • Rms family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.
