rms | 62da1ea6f12737a24733de2657eeba7557fa25c41766befec5c830d5dafe09b6 | Triage

Submit
Reports

Overview

overview

Static

static

62da1ea6f1...b6.exe

windows7_x64

62da1ea6f1...b6.exe

windows10_x64

Sharing

General

Target

62da1ea6f12737a24733de2657eeba7557fa25c41766befec5c830d5dafe09b6
Size

6.2MB
Sample

210513-mw7awf1gvs
MD5

a92bdf7da1feb431b92c3bd0e5ef990a
SHA1

957a25e2cf3c408246427ab565db52dc358cd4e7
SHA256

62da1ea6f12737a24733de2657eeba7557fa25c41766befec5c830d5dafe09b6
SHA512

cb85dc1914d0f7cab7f8d2a6868ffd55b5aeeeb0afe4b5d87481be696b277974e70feafe97c601a171718f6a0182b034c32f6c511869a94182923be3ee98d1d5

Score

10^/10

rms persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

62da1ea6f12737a24733de2657eeba7557fa25c41766befec5c830d5dafe09b6.exe

Resource

win7v20210408

rms persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

62da1ea6f12737a24733de2657eeba7557fa25c41766befec5c830d5dafe09b6.exe

Resource

win10v20210410

rms persistence rat trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  62da1ea6f12737a24733de2657eeba7557fa25c41766befec5c830d5dafe09b6
- Size
  
  6.2MB
- MD5
  
  a92bdf7da1feb431b92c3bd0e5ef990a
- SHA1
  
  957a25e2cf3c408246427ab565db52dc358cd4e7
- SHA256
  
  62da1ea6f12737a24733de2657eeba7557fa25c41766befec5c830d5dafe09b6
- SHA512
  
  cb85dc1914d0f7cab7f8d2a6868ffd55b5aeeeb0afe4b5d87481be696b277974e70feafe97c601a171718f6a0182b034c32f6c511869a94182923be3ee98d1d5
Score

10^/10

rms persistence rat trojan
- Modifies WinLogon for persistence
  persistence
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

rmspersistencerattrojan

behavioral2

rmspersistencerattrojan

© 2018-2024

Terms | Privacy