General

  • Target

    JaffaCakes118_0cd4e642b1752a330f7a6fc3e5f808e2

  • Size

    5.1MB

  • Sample

    250601-z52epagk9x

  • MD5

    0cd4e642b1752a330f7a6fc3e5f808e2

  • SHA1

    639ccb591d465c817d245fa7e7d57f19c2cd16e1

  • SHA256

    4ca4e289831daf5e3ef85c8126a2c1efd1b7803f5310ddfeeeb619aa8c62d26d

  • SHA512

    73f97e5387a2c2c80fc1bdc10613ab5fa0d88e388e220ea7c9695eab896443b234e66ea8c5ada07d4d75e5adc3bcdf962e1a5440a17d621b943a40077762dbc0

  • SSDEEP

    98304:AhxVsVDNx2LVYl3ntg7nCxQ1mQKd450NjDyeZ3oGWm8y4ckQ:AvVsRH2+9tg+1VugjODGWm8y43Q
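Before trusting any of the behaviour below, confirm the file on your disk is the one this report describes. The following is an added helper, not code from the report or the sandbox that produced it: it streams a local copy of the sample through MD5, SHA-1, SHA-256 and SHA-512 in one pass and compares the digests with the values listed above (SSDEEP is left out because it needs the non-stdlib `ssdeep` package). The only assumption is the path you pass on the command line.

```python
"""Re-derive the report's file digests from a local copy of the sample."""
import hashlib
import sys
from typing import Dict, Iterable, Tuple

# Digests copied from the report above.
REPORT_HASHES: Dict[str, str] = {
    "md5": "0cd4e642b1752a330f7a6fc3e5f808e2",
    "sha1": "639ccb591d465c817d245fa7e7d57f19c2cd16e1",
    "sha256": "4ca4e289831daf5e3ef85c8126a2c1efd1b7803f5310ddfeeeb619aa8c62d26d",
    "sha512": "73f97e5387a2c2c80fc1bdc10613ab5fa0d88e388e220ea7c9695eab896443b234e66ea8c5ada07d4d75e5adc3bcdf962e1a5440a17d621b943a40077762dbc0",
}


def digest_stream(chunks: Iterable[bytes],
                  algorithms: Tuple[str, ...] = tuple(REPORT_HASHES)) -> Dict[str, str]:
    """Hash a byte stream once, feeding every chunk to all requested algorithms."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream the file in 1 MiB chunks so a multi-MB sample is never held in memory whole."""
    with open(path, "rb") as f:
        return digest_stream(iter(lambda: f.read(chunk_size), b""))


def compare_to_report(actual: Dict[str, str],
                      expected: Dict[str, str] = REPORT_HASHES) -> Dict[str, bool]:
    """Per-algorithm match flags. Case-insensitive, and limited to algorithms present on
    both sides: a digest the report does not list cannot be checked against it."""
    return {
        alg: actual[alg].lower() == exp.lower()
        for alg, exp in expected.items()
        if alg in actual
    }


def is_same_sample(actual: Dict[str, str],
                   expected: Dict[str, str] = REPORT_HASHES) -> bool:
    """The file is the reported sample only if every comparable digest matches AND
    SHA-256 is among them; MD5/SHA-1 agreement on its own is not treated as identity."""
    flags = compare_to_report(actual, expected)
    return bool(flags) and "sha256" in flags and all(flags.values())


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit(f"usage: {sys.argv[0]} <path-to-sample>")
    digests = digest_file(sys.argv[1])
    for alg, ok in compare_to_report(digests).items():
        print(f"{alg:<7} {'OK' if ok else 'MISMATCH'}  {digests[alg]}")
    sys.exit(0 if is_same_sample(digests) else 1)
```

Key the sample by SHA-256 in your own notes and tooling; the MD5 in the filename is convenient for lookups but is not a collision-resistant identity.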

Score
10/10

Targets

    • Target

      JaffaCakes118_0cd4e642b1752a330f7a6fc3e5f808e2

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • Rms family

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution (run or abort depending on the host's configured location).

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
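The location check and the drive enumeration above are the two host-profiling behaviours an analyst most often has to reproduce when a sample goes quiet in a sandbox. The following is an added illustration, not the sample's code and not from the sandbox that generated this report: it reads the registry values that hold the configured locale and GeoID, applies a geofence decision, and probes every drive root other than C: the way the "Enumerates connected drives" signature describes. The registry paths are the standard Windows locale/GeoID locations; the report does not say which countries or GeoIDs the sample fences on, so the fence sets are parameters the caller supplies, and the constructed values in the usage are hypothetical.

```python
"""Reproduce the host-profiling checks the signatures above describe."""
import os
import string
import sys
from typing import Dict, List, Optional, Set, Tuple

# Registry values behind Windows locale/location lookups (read only, never written).
LOCATION_VALUES = {
    "LocaleName": (r"Control Panel\International", "LocaleName"),   # e.g. "en-US"
    "GeoNation": (r"Control Panel\International\Geo", "Nation"),    # GeoID as a string
}
INSTALL_LANGUAGE = (r"SYSTEM\CurrentControlSet\Control\Nls\Language", "InstallLanguage")  # e.g. "0409"


def country_from_locale_name(locale_name: str) -> Optional[str]:
    """'en-US' -> 'US', 'ru-RU' -> 'RU', 'sr-Latn-RS' -> 'RS'; None when no region subtag."""
    subtags = locale_name.replace("_", "-").split("-")[1:]
    for tag in reversed(subtags):
        if len(tag) == 2 and tag.isalpha():
            return tag.upper()
    return None


def read_location_settings() -> Dict[str, Optional[str]]:
    """Windows only: return the three values above; every entry is None elsewhere."""
    out: Dict[str, Optional[str]] = {"LocaleName": None, "GeoNation": None, "InstallLanguage": None}
    if sys.platform != "win32":
        return out
    import winreg  # stdlib, Windows only

    def query(hive: int, subkey: str, name: str) -> Optional[str]:
        try:
            with winreg.OpenKey(hive, subkey) as key:
                return str(winreg.QueryValueEx(key, name)[0])
        except OSError:  # key or value absent
            return None

    for label, (subkey, name) in LOCATION_VALUES.items():
        out[label] = query(winreg.HKEY_CURRENT_USER, subkey, name)
    out["InstallLanguage"] = query(winreg.HKEY_LOCAL_MACHINE, *INSTALL_LANGUAGE)
    return out


def inside_fence(settings: Dict[str, Optional[str]],
                 fenced_countries: Set[str], fenced_geoids: Set[str]) -> bool:
    """True when the locale's region or the GeoID falls inside the caller-supplied fence.
    Missing values never trip the fence, which is how a stripped-down sandbox image
    can look 'safe' to such a check even when the analyst's locale would not."""
    country = country_from_locale_name(settings.get("LocaleName") or "")
    if country is not None and country in fenced_countries:
        return True
    geo = settings.get("GeoNation")
    return geo is not None and geo in fenced_geoids


def enumerate_drive_roots(skip: Tuple[str, ...] = ("C:",)) -> List[str]:
    """Probe the root directory of every drive letter except those in `skip`;
    a drive counts as present when its root can be listed."""
    present: List[str] = []
    for letter in string.ascii_uppercase:
        drive = f"{letter}:"
        if drive in skip:
            continue
        try:
            os.listdir(drive + "\\")
        except OSError:  # no such drive, not ready, or access denied
            continue
        present.append(drive)
    return present


if __name__ == "__main__":
    settings = read_location_settings()
    print("location settings:", settings)
    # Hypothetical fence: region "ZZ" and GeoID "999" are placeholders, not values from the report.
    print("inside hypothetical fence:", inside_fence(settings, {"ZZ"}, {"999"}))
    print("other drive roots readable:", enumerate_drive_roots())
```

When the sample exits early in a detonation VM, print these values from inside the VM and compare them with a host where it ran fully; changing `LocaleName` and `Geo\Nation` for the analysis user, and attaching a second disk so a non-C: root answers, are the cheapest knobs to turn. The real binary presumably reaches these values through the Win32 locale APIs rather than direct registry reads; that is an assumption of this example, not a statement from the report.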
