rms | 45d4a263dd703688cb52e0c1e62bf25b40e45cbaa83fbc3f85d35e8217691dba | Triage

Submit
Reports

Overview

overview

Static

static

TRNX_DTD_2...ll.dll

windows10_x64

Sharing

General

Target

TRNX_DTD_20_09_2021.zip
Size

8KB
Sample

210920-kv7rdsgbej
MD5

ec3699a2d32f8785ed73e59346844984
SHA1

9723ebb825e03915b4c26e20c50ae963cca5398c
SHA256

45d4a263dd703688cb52e0c1e62bf25b40e45cbaa83fbc3f85d35e8217691dba
SHA512

1811d04500191ba62713382bf3ce64d914203c2b4ed183d2c2b43c08c3ee87e48f19b1010b3a0b8afd71cb230a2e2b9c3e3ecdd4078e1a638c1e7243d371a2fa

Score

10^/10

rms rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

TRNX_DTD_20_09_2021.xll.dll

Resource

win10-en

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  TRNX_DTD_20_09_2021.xll
- Size
  
  16KB
- MD5
  
  7d20f760b34575272b3ad4ae3dd12741
- SHA1
  
  fd2e65157856cc2886bd82376e7f86c3a6c557e7
- SHA256
  
  30e8f7a9972ed5bd973086dc59bc8232508889dc9c51bd1274831e5fd2bbd35f
- SHA512
  
  0abd5e877aeb51034f854fabe9ca13f306896cd7cdfccaa69fbe288faf7d76ce9195fb6e968e36213b97ac2eeefa10a9d0dae91d7ca8bc5445812a9303d64176
Score

10^/10

rms rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy