rms | 47ac7b3483b7ddf28130b9d5b9e254905a6ceff2d6b82823e7ea815945e6943b | Triage

Submit
Reports

Overview

overview

Static

static

47ac7b3483...3b.exe

windows7_x64

47ac7b3483...3b.exe

windows10_x64

Sharing

General

Target

47ac7b3483b7ddf28130b9d5b9e254905a6ceff2d6b82823e7ea815945e6943b
Size

10.2MB
Sample

220128-z4gc5adgdr
MD5

3da9ce1b9a0f22a68dc27c5050babcef
SHA1

20d50ae4b134f224b5c033888521f0bd62ccb712
SHA256

47ac7b3483b7ddf28130b9d5b9e254905a6ceff2d6b82823e7ea815945e6943b
SHA512

ac888321de4c9e27d71d20cdba3b44114406add039393c5b244fdf2b29198c16dfdf53387a77a63abd87d959fc6d84eb3cbb19e4d5a7a5f12f63268856fc73ec

Score

10^/10

rms evasion rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

47ac7b3483b7ddf28130b9d5b9e254905a6ceff2d6b82823e7ea815945e6943b.exe

Resource

win7-en-20211208

rms evasion rat trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

47ac7b3483b7ddf28130b9d5b9e254905a6ceff2d6b82823e7ea815945e6943b.exe

Resource

win10-en-20211208

rms evasion rat trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  47ac7b3483b7ddf28130b9d5b9e254905a6ceff2d6b82823e7ea815945e6943b
- Size
  
  10.2MB
- MD5
  
  3da9ce1b9a0f22a68dc27c5050babcef
- SHA1
  
  20d50ae4b134f224b5c033888521f0bd62ccb712
- SHA256
  
  47ac7b3483b7ddf28130b9d5b9e254905a6ceff2d6b82823e7ea815945e6943b
- SHA512
  
  ac888321de4c9e27d71d20cdba3b44114406add039393c5b244fdf2b29198c16dfdf53387a77a63abd87d959fc6d84eb3cbb19e4d5a7a5f12f63268856fc73ec
Score

10^/10

rms evasion rat trojan upx
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsevasionrattrojanupx

behavioral2

rmsevasionrattrojanupx

© 2018-2025

Terms | Privacy