rms | 19f28d00098dfa8146bec64dd3545fad8fb83c239cc7b723eaaba8ae2ab77167 | Triage

Submit
Reports

Overview

overview

Static

static

19f28d0009...67.exe

windows7_x64

19f28d0009...67.exe

windows10_x64

Sharing

General

Target

19f28d00098dfa8146bec64dd3545fad8fb83c239cc7b723eaaba8ae2ab77167
Size

5.9MB
Sample

220127-1qrglsbgg5
MD5

23ef883914f616ad2e344670d1f5c50c
SHA1

0ad839ab1744b516e999b2e48b6758392be7bd4c
SHA256

19f28d00098dfa8146bec64dd3545fad8fb83c239cc7b723eaaba8ae2ab77167
SHA512

5cf22827e9300a413b85b35de17b060299512cdc5152d6033ead59fab2aa1d8b2a2c5ec0411f74af0f263c69c1f5f6ae7081e460387e3427924a6121c1200e38

Score

10^/10

rms evasion persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

19f28d00098dfa8146bec64dd3545fad8fb83c239cc7b723eaaba8ae2ab77167.exe

Resource

win7-en-20211208

rms evasion persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

19f28d00098dfa8146bec64dd3545fad8fb83c239cc7b723eaaba8ae2ab77167.exe

Resource

win10-en-20211208

rms evasion persistence rat trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  19f28d00098dfa8146bec64dd3545fad8fb83c239cc7b723eaaba8ae2ab77167
- Size
  
  5.9MB
- MD5
  
  23ef883914f616ad2e344670d1f5c50c
- SHA1
  
  0ad839ab1744b516e999b2e48b6758392be7bd4c
- SHA256
  
  19f28d00098dfa8146bec64dd3545fad8fb83c239cc7b723eaaba8ae2ab77167
- SHA512
  
  5cf22827e9300a413b85b35de17b060299512cdc5152d6033ead59fab2aa1d8b2a2c5ec0411f74af0f263c69c1f5f6ae7081e460387e3427924a6121c1200e38
Score

10^/10

rms evasion persistence rat trojan
- Modifies WinLogon for persistence
  persistence
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsevasionpersistencerattrojan

behavioral2

rmsevasionpersistencerattrojan

© 2018-2025

Terms | Privacy