rms | 743b2aaedb3404e74de225ecf91ed0434fe4ee7279aa8bb6cb576316da1f3ef3 | Triage

Sharing

General

Target

FSOC.7z
Size

6.9MB
Sample

210907-vsz9msdae2
MD5

89b2802abd6f6e9af33c7b413fcac1df
SHA1

c02113d4e58b182b9f169ab73ea5639fa6686383
SHA256

743b2aaedb3404e74de225ecf91ed0434fe4ee7279aa8bb6cb576316da1f3ef3
SHA512

65c4a76b7955b7e49e79fe7def0c60b12c3896dd81692c391c2a0fedd23b3b501c2de043b9773465ecf9a0b9584454fbfcf22349e39791ec30702770c681d438

Score

10^/10

rms rat trojan

Malware Config

Targets

- Target
  
  FSOC/libeay32.dll
- Size
  
  1.3MB
- MD5
  
  0d51927274281007657c7f3e0df7becb
- SHA1
  
  6de3746d9d0980f5715cec6c676a8eb53b5efc49
- SHA256
  
  dfc847405be60c29e86e3e3222e7f63c1ff584727d87d3c35c25c4893e19fda0
- SHA512
  
  eef74088a94635184192d82bb6dcc0758749cb290c8deeff211881e8a280aec73a53334eff8846df618204b0f318e757eab23e76951a472ba6e086905000d9a5
Score

1^/10
behavioral1 behavioral2
- Target
  
  FSOC/ssleay32.dll
- Size
  
  337KB
- MD5
  
  197da919e4c91125656bf905877c9b5a
- SHA1
  
  9574ec3e87bb0f7acce72d4d59d176296741aa83
- SHA256
  
  303c78aba3b776472c245f17020f9aa5a53f09a6f6c1e4f34b8e18e33906b5ee
- SHA512
  
  33c1b853181f83cab2f57f47fb7e093badf83963613e7328ebd23f0d62f59416d7a93063c6237435fbb6833a69bc44ebbc13aa585da010f491c680b2ea335c47
Score

1^/10
behavioral3 behavioral4
- Target
  
  FSOC/vmtools.exe
- Size
  
  15.8MB
- MD5
  
  2d1106c13af8afc6fff279a41e4893c4
- SHA1
  
  d076af3cded5a3b9593bdb8613c5c5145063acb3
- SHA256
  
  2555e7cf32b7cbf8431f5cad37ae9733d208460a96e8b9d890366544c3bb17c5
- SHA512
  
  d7ae08ca1bfe63d73f78d724a03bd879dc79a117c851d32530c911ba37ba066e8d27dd3195fecb70c53477657f3b27c66c283a9e1ab5960c9b0a5e084c6a7846
Score

10^/10

rms rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6
- Target
  
  FSOC/vmworktool.exe
- Size
  
  10.7MB
- MD5
  
  2bda9b1a12fea5b3b0eed375dd60b1b8
- SHA1
  
  ce4de9d0cfba59ccb33cf4cd482c9c6d178df6df
- SHA256
  
  315f8684e73b9cee6e599a07a1b61cf3680b8165108ba0be82209e1a4073f65b
- SHA512
  
  7f420dcd4ad8612e5076da857213556a196084c7bc570b6f0837da405dd5d8d30d299b312d3ca162e6eb93852d11f3b51f58cd5ec8b1e2a736b53b2be0a127f4
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8