rms | cb7f487a64b11b3eb26e0f597b2c195835285850a24c23b6534d4d6d8d67af6c | Triage

Submit
Reports

Overview

overview

Static

static

cb7f487a64...6c.exe

windows7_x64

cb7f487a64...6c.exe

windows10-2004_x64

Sharing

General

Target

cb7f487a64b11b3eb26e0f597b2c195835285850a24c23b6534d4d6d8d67af6c
Size

7.0MB
Sample

220213-mftx4aggf7
MD5

48cfce9208c54152ff881406ffbd537a
SHA1

04dacfa4e3a9e2dd57f4cab92a8d11b9e6ee4901
SHA256

cb7f487a64b11b3eb26e0f597b2c195835285850a24c23b6534d4d6d8d67af6c
SHA512

2505c1d48373fbf7ddc708a8b5b912028edec94abbea4b103d37b3e240d12582c31f846caebc378f69ec5a06e7e9387b93184edd1edf5e90b50fd072716f2dc0

Score

10^/10

rms evasion rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

cb7f487a64b11b3eb26e0f597b2c195835285850a24c23b6534d4d6d8d67af6c.exe

Resource

win7-en-20211208

rms evasion rat trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

cb7f487a64b11b3eb26e0f597b2c195835285850a24c23b6534d4d6d8d67af6c.exe

Resource

win10v2004-en-20220112

rms evasion rat trojan upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  cb7f487a64b11b3eb26e0f597b2c195835285850a24c23b6534d4d6d8d67af6c
- Size
  
  7.0MB
- MD5
  
  48cfce9208c54152ff881406ffbd537a
- SHA1
  
  04dacfa4e3a9e2dd57f4cab92a8d11b9e6ee4901
- SHA256
  
  cb7f487a64b11b3eb26e0f597b2c195835285850a24c23b6534d4d6d8d67af6c
- SHA512
  
  2505c1d48373fbf7ddc708a8b5b912028edec94abbea4b103d37b3e240d12582c31f846caebc378f69ec5a06e7e9387b93184edd1edf5e90b50fd072716f2dc0
Score

10^/10

rms evasion rat trojan upx
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Allows Network login with blank passwords
  Allows local user accounts with blank passwords to access device from the network.
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Remote Desktop Protocol

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsevasionrattrojanupx

behavioral2

rmsevasionrattrojanupx

© 2018-2025

Terms | Privacy