rms | f74bedcb4ac33f7343fbbabec0f636b887d92c06e156ac765f345732cf6cbce8 | Triage

Submit
Reports

Overview

overview

Static

static

f74bedcb4a...e8.exe

windows7_x64

f74bedcb4a...e8.exe

windows10_x64

Sharing

General

Target

f74bedcb4ac33f7343fbbabec0f636b887d92c06e156ac765f345732cf6cbce8
Size

3.9MB
Sample

220128-vzc3pahbfm
MD5

0d3e25085527df0160893fdaa00f6565
SHA1

69f308a428c1e96f9a06dd33e21ff4dc13bdc865
SHA256

f74bedcb4ac33f7343fbbabec0f636b887d92c06e156ac765f345732cf6cbce8
SHA512

72a957c33fc434a99be40fe74220a83564565dec727f97c51f1a0b15736ebc193c3194c1f028053df393006e9c68eb61e973b17d8718a0941874dcd78b728bed

Score

10^/10

rms persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

f74bedcb4ac33f7343fbbabec0f636b887d92c06e156ac765f345732cf6cbce8.exe

Resource

win7-en-20211208

rms persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

f74bedcb4ac33f7343fbbabec0f636b887d92c06e156ac765f345732cf6cbce8.exe

Resource

win10-en-20211208

rms persistence rat trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  f74bedcb4ac33f7343fbbabec0f636b887d92c06e156ac765f345732cf6cbce8
- Size
  
  3.9MB
- MD5
  
  0d3e25085527df0160893fdaa00f6565
- SHA1
  
  69f308a428c1e96f9a06dd33e21ff4dc13bdc865
- SHA256
  
  f74bedcb4ac33f7343fbbabec0f636b887d92c06e156ac765f345732cf6cbce8
- SHA512
  
  72a957c33fc434a99be40fe74220a83564565dec727f97c51f1a0b15736ebc193c3194c1f028053df393006e9c68eb61e973b17d8718a0941874dcd78b728bed
Score

10^/10

rms persistence rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmspersistencerattrojan

behavioral2

rmspersistencerattrojan

© 2018-2025

Terms | Privacy