rms | 8f4a0a1c651b7e50efb2883b1f8392771b5c36553127b3a216ed3a483cef0dec | Triage

Sharing

General

Target

8f4a0a1c651b7e50efb2883b1f8392771b5c36553127b3a216ed3a483cef0dec
Size

5.0MB
Sample

220309-v8dqkseaer
MD5

06f4968bbe4bc2595432073659abdb12
SHA1

89e4f5a320643818011c0c22017a866f6fe0198f
SHA256

8f4a0a1c651b7e50efb2883b1f8392771b5c36553127b3a216ed3a483cef0dec
SHA512

f15f337793f58ead1817c68d3cecf6189d6027773707a96733ab6c93591f9e286eac28274cba3ee8d86a2b6309ce5b479233fd4372b1c0ff8fb64307c3a8d9b9

Score

10^/10

rms evasion rat trojan

Malware Config

Targets

- Target
  
  8f4a0a1c651b7e50efb2883b1f8392771b5c36553127b3a216ed3a483cef0dec
- Size
  
  5.0MB
- MD5
  
  06f4968bbe4bc2595432073659abdb12
- SHA1
  
  89e4f5a320643818011c0c22017a866f6fe0198f
- SHA256
  
  8f4a0a1c651b7e50efb2883b1f8392771b5c36553127b3a216ed3a483cef0dec
- SHA512
  
  f15f337793f58ead1817c68d3cecf6189d6027773707a96733ab6c93591f9e286eac28274cba3ee8d86a2b6309ce5b479233fd4372b1c0ff8fb64307c3a8d9b9
Score

10^/10

rms evasion rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsevasionrattrojan

behavioral2

rmsevasionrattrojan