rms | 6016d62ee9ee6150f925bfa2369509d66f244c7912a9a3e0f44f15fd29054500 | Triage

Submit
Reports

Overview

overview

Static

static

6016d62ee9...00.exe

windows7_x64

6016d62ee9...00.exe

windows10-2004_x64

Sharing

General

Target

6016d62ee9ee6150f925bfa2369509d66f244c7912a9a3e0f44f15fd29054500
Size

2.8MB
Sample

220213-qz3wwscdfn
MD5

77fbf45826b6dccfcdd40eba740d4c16
SHA1

014ccf125bae774fc3f49798050f0d2672afa10b
SHA256

6016d62ee9ee6150f925bfa2369509d66f244c7912a9a3e0f44f15fd29054500
SHA512

aab791168304aca292e31ca82249444d95aeac87b8ed0e1861853debd1aba4a9145f3202db8a0e7d6f7002725ee32e236871dde5b30a52937d8fffd4a71e3edc

Score

10^/10

rms evasion rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

6016d62ee9ee6150f925bfa2369509d66f244c7912a9a3e0f44f15fd29054500.exe

Resource

win7-en-20211208

rms evasion rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

6016d62ee9ee6150f925bfa2369509d66f244c7912a9a3e0f44f15fd29054500.exe

Resource

win10v2004-en-20220113

rms evasion rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  6016d62ee9ee6150f925bfa2369509d66f244c7912a9a3e0f44f15fd29054500
- Size
  
  2.8MB
- MD5
  
  77fbf45826b6dccfcdd40eba740d4c16
- SHA1
  
  014ccf125bae774fc3f49798050f0d2672afa10b
- SHA256
  
  6016d62ee9ee6150f925bfa2369509d66f244c7912a9a3e0f44f15fd29054500
- SHA512
  
  aab791168304aca292e31ca82249444d95aeac87b8ed0e1861853debd1aba4a9145f3202db8a0e7d6f7002725ee32e236871dde5b30a52937d8fffd4a71e3edc
Score

10^/10

rms evasion rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsevasionrattrojan

behavioral2

rmsevasionrattrojan

© 2018-2025

Terms | Privacy