rms | a73eac15797130c381b5b4a65c3fb1cfc723b1586a1882c981211787bba285a6 | Triage

Submit
Reports

Overview

overview

Static

static

a73eac1579...a6.exe

windows7_x64

a73eac1579...a6.exe

windows10_x64

Sharing

General

Target

a73eac15797130c381b5b4a65c3fb1cfc723b1586a1882c981211787bba285a6
Size

6.8MB
Sample

220128-r4yy6sfbf9
MD5

9fcff92538e35cd213a576d82e318c74
SHA1

7cfe1ab0593d8607887cc0aa64d6c429ad1764c5
SHA256

a73eac15797130c381b5b4a65c3fb1cfc723b1586a1882c981211787bba285a6
SHA512

a8cc6a6911267deb3f412fc1e2c7e24c099104012ee72fd713b44b92aec67e1d85b273bfb2ac2d44c12fbaf50bd00199815eecca0dfd8b32faad66829e98505f

Score

10^/10

rms evasion rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

a73eac15797130c381b5b4a65c3fb1cfc723b1586a1882c981211787bba285a6.exe

Resource

win7-en-20211208

rms evasion rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

a73eac15797130c381b5b4a65c3fb1cfc723b1586a1882c981211787bba285a6.exe

Resource

win10-en-20211208

rms evasion rat trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  a73eac15797130c381b5b4a65c3fb1cfc723b1586a1882c981211787bba285a6
- Size
  
  6.8MB
- MD5
  
  9fcff92538e35cd213a576d82e318c74
- SHA1
  
  7cfe1ab0593d8607887cc0aa64d6c429ad1764c5
- SHA256
  
  a73eac15797130c381b5b4a65c3fb1cfc723b1586a1882c981211787bba285a6
- SHA512
  
  a8cc6a6911267deb3f412fc1e2c7e24c099104012ee72fd713b44b92aec67e1d85b273bfb2ac2d44c12fbaf50bd00199815eecca0dfd8b32faad66829e98505f
Score

10^/10

rms evasion rat trojan upx
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Executes dropped EXE
- Stops running service(s)
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Impair Defenses

Credential Access

Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

rmsevasionrattrojan

behavioral2

rmsevasionrattrojanupx

© 2018-2025

Terms | Privacy