rms | af01ec61317d91bc4ce4b70b972b6a5dd29ddcc18999a937d298d7de8a0cf7af | Triage

Submit
Reports

Overview

overview

Static

static

AF01EC6131...9A.exe

windows7_x64

AF01EC6131...9A.exe

windows10_x64

Sharing

General

Target

AF01EC61317D91BC4CE4B70B972B6A5DD29DDCC18999A.exe
Size

4.9MB
Sample

210912-xq9reafefl
MD5

4d9350a29c7677374fbb8bc2e96a77f3
SHA1

1fd63c7af6b2397d2f6616935aafef394f2394ed
SHA256

af01ec61317d91bc4ce4b70b972b6a5dd29ddcc18999a937d298d7de8a0cf7af
SHA512

7b69647225ef9d6d38389cc42a680946b85fc097d8681f715a6d0064dd205e3b743c42af163566071bab3f70b71e89a6e9629f540fd3ee1f5be8b5253876c7f0

Score

10^/10

rms rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

AF01EC61317D91BC4CE4B70B972B6A5DD29DDCC18999A.exe

Resource

win7-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

AF01EC61317D91BC4CE4B70B972B6A5DD29DDCC18999A.exe

Resource

win10-en

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  AF01EC61317D91BC4CE4B70B972B6A5DD29DDCC18999A.exe
- Size
  
  4.9MB
- MD5
  
  4d9350a29c7677374fbb8bc2e96a77f3
- SHA1
  
  1fd63c7af6b2397d2f6616935aafef394f2394ed
- SHA256
  
  af01ec61317d91bc4ce4b70b972b6a5dd29ddcc18999a937d298d7de8a0cf7af
- SHA512
  
  7b69647225ef9d6d38389cc42a680946b85fc097d8681f715a6d0064dd205e3b743c42af163566071bab3f70b71e89a6e9629f540fd3ee1f5be8b5253876c7f0
Score

10^/10

rms rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy