rms | c0fa50e99ca5a647cedd2de2249a5fef57a57d472d9d4c13c2c14fb035ae102c | Triage

Submit
Reports

Overview

overview

Static

static

c0fa50e99c...2c.exe

windows7_x64

c0fa50e99c...2c.exe

windows10_x64

Sharing

General

Target

c0fa50e99ca5a647cedd2de2249a5fef57a57d472d9d4c13c2c14fb035ae102c
Size

3.0MB
Sample

220128-w6z2gaagf6
MD5

247cd82809d239cf7d8c3e472b43e3e7
SHA1

2ef3e60e79033c63085c4b6841fca302796a31db
SHA256

c0fa50e99ca5a647cedd2de2249a5fef57a57d472d9d4c13c2c14fb035ae102c
SHA512

61ba7f65157890bdbfc5d3915e3dcbf651be2afacac156b179561f80ae823d75dbb22710e938508152294fb587472f778d029a0b912757b78aaee744a917f38b

Score

10^/10

rms persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

c0fa50e99ca5a647cedd2de2249a5fef57a57d472d9d4c13c2c14fb035ae102c.exe

Resource

win7-en-20211208

rms persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

c0fa50e99ca5a647cedd2de2249a5fef57a57d472d9d4c13c2c14fb035ae102c.exe

Resource

win10-en-20211208

rms persistence rat trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  c0fa50e99ca5a647cedd2de2249a5fef57a57d472d9d4c13c2c14fb035ae102c
- Size
  
  3.0MB
- MD5
  
  247cd82809d239cf7d8c3e472b43e3e7
- SHA1
  
  2ef3e60e79033c63085c4b6841fca302796a31db
- SHA256
  
  c0fa50e99ca5a647cedd2de2249a5fef57a57d472d9d4c13c2c14fb035ae102c
- SHA512
  
  61ba7f65157890bdbfc5d3915e3dcbf651be2afacac156b179561f80ae823d75dbb22710e938508152294fb587472f778d029a0b912757b78aaee744a917f38b
Score

10^/10

rms persistence rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmspersistencerattrojan

behavioral2

rmspersistencerattrojan

© 2018-2025

Terms | Privacy