rms | 1ae82aa9ca4bfcb909bada0f863b66101794fc903f7b74ac3ba4b5d6273431f9 | Triage

Sharing

General

Target

1ae82aa9ca4bfcb909bada0f863b66101794fc903f7b74ac3ba4b5d6273431f9
Size

14.6MB
Sample

220128-14sa3aehdk
MD5

c178f06f0551300180ee4d0ab7e7f09d
SHA1

1bf041b094f5a8f1db87e6b003694fa9b5b7496c
SHA256

1ae82aa9ca4bfcb909bada0f863b66101794fc903f7b74ac3ba4b5d6273431f9
SHA512

e20a870810243af4fae7841d6692764d6e208b52814975bd4a4eab6fdbbab72e1a61220438e887a1ced0c1864469218eb9e363eb73906b35b7c8817326d2d137

Score

10^/10

rms evasion persistence rat trojan

Malware Config

Targets

- Target
  
  1ae82aa9ca4bfcb909bada0f863b66101794fc903f7b74ac3ba4b5d6273431f9
- Size
  
  14.6MB
- MD5
  
  c178f06f0551300180ee4d0ab7e7f09d
- SHA1
  
  1bf041b094f5a8f1db87e6b003694fa9b5b7496c
- SHA256
  
  1ae82aa9ca4bfcb909bada0f863b66101794fc903f7b74ac3ba4b5d6273431f9
- SHA512
  
  e20a870810243af4fae7841d6692764d6e208b52814975bd4a4eab6fdbbab72e1a61220438e887a1ced0c1864469218eb9e363eb73906b35b7c8817326d2d137
Score

10^/10

rms evasion persistence rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsevasionpersistencerattrojan

behavioral2

rmsevasionpersistencerattrojan