rms | 260521f4e81572a65d2b6ccedac51cdd886bba3a8fc2342e501accc0f53f0ff1 | Triage

Submit
Reports

Overview

overview

Static

static

vmtools.exe

windows10_x64

Sharing

General

Target

vmtools.exe
Size

16.0MB
Sample

210614-8eved7y9he
MD5

4e91b0fddaf1eba8f92741ff59a6aca4
SHA1

f96bd2a87253c146aacbbc38defdda5a2cab0497
SHA256

260521f4e81572a65d2b6ccedac51cdd886bba3a8fc2342e501accc0f53f0ff1
SHA512

183906ccc9cfdeb421a9fa25447c9b7825f6ffcafbbda18411cfabce5c0f437cd002f2f5193a6bcc3608b704458a3c746e5dce4b8223c3c844a98509ba4117e7

Score

10^/10

rms rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

vmtools.exe

Resource

win10v20210408

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  vmtools.exe
- Size
  
  16.0MB
- MD5
  
  4e91b0fddaf1eba8f92741ff59a6aca4
- SHA1
  
  f96bd2a87253c146aacbbc38defdda5a2cab0497
- SHA256
  
  260521f4e81572a65d2b6ccedac51cdd886bba3a8fc2342e501accc0f53f0ff1
- SHA512
  
  183906ccc9cfdeb421a9fa25447c9b7825f6ffcafbbda18411cfabce5c0f437cd002f2f5193a6bcc3608b704458a3c746e5dce4b8223c3c844a98509ba4117e7
Score

10^/10

rms rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy