rms | 62da1ea6f12737a24733de2657eeba7557fa25c41766befec5c830d5dafe09b6 | Triage

Submit
Reports

Overview

overview

Static

static

62da1ea6f1...b6.exe

windows7_x64

62da1ea6f1...b6.exe

windows10_x64

Sharing

General

Target

62da1ea6f12737a24733de2657eeba7557fa25c41766befec5c830d5dafe09b6
Size

6.2MB
Sample

210513-mw7awf1gvs
MD5

a92bdf7da1feb431b92c3bd0e5ef990a
SHA1

957a25e2cf3c408246427ab565db52dc358cd4e7
SHA256

62da1ea6f12737a24733de2657eeba7557fa25c41766befec5c830d5dafe09b6
SHA512

cb85dc1914d0f7cab7f8d2a6868ffd55b5aeeeb0afe4b5d87481be696b277974e70feafe97c601a171718f6a0182b034c32f6c511869a94182923be3ee98d1d5

Score

10^/10

rms persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

62da1ea6f12737a24733de2657eeba7557fa25c41766befec5c830d5dafe09b6.exe

Resource

win7v20210408

rms persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

62da1ea6f12737a24733de2657eeba7557fa25c41766befec5c830d5dafe09b6.exe

Resource

win10v20210410

rms persistence rat trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  62da1ea6f12737a24733de2657eeba7557fa25c41766befec5c830d5dafe09b6
- Size
  
  6.2MB
- MD5
  
  a92bdf7da1feb431b92c3bd0e5ef990a
- SHA1
  
  957a25e2cf3c408246427ab565db52dc358cd4e7
- SHA256
  
  62da1ea6f12737a24733de2657eeba7557fa25c41766befec5c830d5dafe09b6
- SHA512
  
  cb85dc1914d0f7cab7f8d2a6868ffd55b5aeeeb0afe4b5d87481be696b277974e70feafe97c601a171718f6a0182b034c32f6c511869a94182923be3ee98d1d5
Score

10^/10

rms persistence rat trojan
- Modifies WinLogon for persistence
  persistence
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmspersistencerattrojan

behavioral2

rmspersistencerattrojan

© 2018-2025

Terms | Privacy