rms | 4709b7715f29a8e67f4de4114391fd440a7038bc2aeac2f15741d7eecf1a749c | Triage

Submit
Reports

Overview

overview

Static

static

4709B7715F...AC.exe

windows7_x64

4709B7715F...AC.exe

windows10_x64

Sharing

General

Target

4709B7715F29A8E67F4DE4114391FD440A7038BC2AEAC.exe
Size

10.6MB
Sample

211122-z5lz1aghbk
MD5

3c812375bd2333ff940800eb818c00b4
SHA1

6dfba72690d9da80ea1d583ab6d8deeed2aef1ce
SHA256

4709b7715f29a8e67f4de4114391fd440a7038bc2aeac2f15741d7eecf1a749c
SHA512

e4d50d908725b891e5945cc43e73eb3223066ffe111e8efbf05e3786f2044085d93ce13b94af6f92cb6200e7771c8ab1b81dd526ec89d0e250f95e024db5ea1d

Score

10^/10

rms discovery evasion rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

4709B7715F29A8E67F4DE4114391FD440A7038BC2AEAC.exe

Resource

win7-en-20211104

rms discovery evasion rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

4709B7715F29A8E67F4DE4114391FD440A7038BC2AEAC.exe

Resource

win10-en-20211104

rms discovery evasion rat trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  4709B7715F29A8E67F4DE4114391FD440A7038BC2AEAC.exe
- Size
  
  10.6MB
- MD5
  
  3c812375bd2333ff940800eb818c00b4
- SHA1
  
  6dfba72690d9da80ea1d583ab6d8deeed2aef1ce
- SHA256
  
  4709b7715f29a8e67f4de4114391fd440a7038bc2aeac2f15741d7eecf1a749c
- SHA512
  
  e4d50d908725b891e5945cc43e73eb3223066ffe111e8efbf05e3786f2044085d93ce13b94af6f92cb6200e7771c8ab1b81dd526ec89d0e250f95e024db5ea1d
Score

10^/10

rms discovery evasion rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Blocklisted process makes network request
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsdiscoveryevasionrattrojan

behavioral2

rmsdiscoveryevasionrattrojan

© 2018-2025

Terms | Privacy