rms | 5f7177a96a170ee2b2aa0f77d22d7a5b5daf0345708c59f62dd2ee62c6fad87e | Triage

Submit
Reports

Overview

overview

Static

static

5f7177a96a...7e.exe

windows7_x64

5f7177a96a...7e.exe

windows10-2004_x64

Sharing

General

Target

5f7177a96a170ee2b2aa0f77d22d7a5b5daf0345708c59f62dd2ee62c6fad87e
Size

7.0MB
Sample

220213-q1pewsadd4
MD5

ee9eade49cd501f616896b006ccfefa0
SHA1

c0860e4a611694d9714eccf75146741090160603
SHA256

5f7177a96a170ee2b2aa0f77d22d7a5b5daf0345708c59f62dd2ee62c6fad87e
SHA512

82a639998dbca10ced823f932c313f860aa88725555ce799a474d48a8bd712742639782ed4ab89384a00639dae3632e15a41766dabf7a0f8990dea97eb3fee46

Score

10^/10

rms evasion rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

5f7177a96a170ee2b2aa0f77d22d7a5b5daf0345708c59f62dd2ee62c6fad87e.exe

Resource

win7-en-20211208

rms evasion rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

5f7177a96a170ee2b2aa0f77d22d7a5b5daf0345708c59f62dd2ee62c6fad87e.exe

Resource

win10v2004-en-20220112

rms evasion rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  5f7177a96a170ee2b2aa0f77d22d7a5b5daf0345708c59f62dd2ee62c6fad87e
- Size
  
  7.0MB
- MD5
  
  ee9eade49cd501f616896b006ccfefa0
- SHA1
  
  c0860e4a611694d9714eccf75146741090160603
- SHA256
  
  5f7177a96a170ee2b2aa0f77d22d7a5b5daf0345708c59f62dd2ee62c6fad87e
- SHA512
  
  82a639998dbca10ced823f932c313f860aa88725555ce799a474d48a8bd712742639782ed4ab89384a00639dae3632e15a41766dabf7a0f8990dea97eb3fee46
Score

10^/10

rms evasion rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsevasionrattrojan

behavioral2

rmsevasionrattrojan

© 2018-2025

Terms | Privacy