rms | bf4182178ba2625f04c85d52f97fa88c4cfb15e7161f0343b056efc84ddf5eec | Triage

Submit
Reports

Overview

overview

Static

static

bf4182178b...ec.exe

windows7_x64

bf4182178b...ec.exe

windows10_x64

Sharing

General

Target

bf4182178ba2625f04c85d52f97fa88c4cfb15e7161f0343b056efc84ddf5eec
Size

4.0MB
Sample

220128-w781rsagh7
MD5

8721701be0cdc7029182765f1612ee6c
SHA1

855a9d88478538751e5a6cea832a0ddbcb60e308
SHA256

bf4182178ba2625f04c85d52f97fa88c4cfb15e7161f0343b056efc84ddf5eec
SHA512

c35fcd56894c80f36a492fab2fc44ec5574f14ab4d99f5dd8eddee12ec58498fe1d2ce2e18684cbfd33f3c7c11630111aaf9cd410ea6a7251c803758185fea20

Score

10^/10

rms persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

bf4182178ba2625f04c85d52f97fa88c4cfb15e7161f0343b056efc84ddf5eec.exe

Resource

win7-en-20211208

rms persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

bf4182178ba2625f04c85d52f97fa88c4cfb15e7161f0343b056efc84ddf5eec.exe

Resource

win10-en-20211208

rms persistence rat trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  bf4182178ba2625f04c85d52f97fa88c4cfb15e7161f0343b056efc84ddf5eec
- Size
  
  4.0MB
- MD5
  
  8721701be0cdc7029182765f1612ee6c
- SHA1
  
  855a9d88478538751e5a6cea832a0ddbcb60e308
- SHA256
  
  bf4182178ba2625f04c85d52f97fa88c4cfb15e7161f0343b056efc84ddf5eec
- SHA512
  
  c35fcd56894c80f36a492fab2fc44ec5574f14ab4d99f5dd8eddee12ec58498fe1d2ce2e18684cbfd33f3c7c11630111aaf9cd410ea6a7251c803758185fea20
Score

10^/10

rms persistence rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmspersistencerattrojan

behavioral2

rmspersistencerattrojan

© 2018-2025

Terms | Privacy