rms | d970b41099d916b86fce2da5574054f2fb7e42f386a5aefe9a9793071307ea3a | Triage

Submit
Reports

Overview

overview

Static

static

d970b41099...3a.exe

windows7_x64

d970b41099...3a.exe

windows10-2004_x64

Sharing

General

Target

d970b41099d916b86fce2da5574054f2fb7e42f386a5aefe9a9793071307ea3a
Size

9.3MB
Sample

220314-cmfnyadhcr
MD5

974e935a91b133666e1cd10901d5cfaf
SHA1

eabd2136a8870cba64e969fd5cedccf58d6c5b2c
SHA256

d970b41099d916b86fce2da5574054f2fb7e42f386a5aefe9a9793071307ea3a
SHA512

4964bb2ca9ebad86904fad3f8276bd239814a39392af6d61ef8bf2bdf7ca0c04f8aa6697ffe911bc367017f59813e2d2d3150d9b11fd12090619670660c12990

Score

10^/10

rms aspackv2 evasion persistence rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

d970b41099d916b86fce2da5574054f2fb7e42f386a5aefe9a9793071307ea3a.exe

Resource

win7-20220310-en

rms aspackv2 evasion persistence rat trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

d970b41099d916b86fce2da5574054f2fb7e42f386a5aefe9a9793071307ea3a.exe

Resource

win10v2004-en-20220113

rms aspackv2 evasion persistence rat trojan upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  d970b41099d916b86fce2da5574054f2fb7e42f386a5aefe9a9793071307ea3a
- Size
  
  9.3MB
- MD5
  
  974e935a91b133666e1cd10901d5cfaf
- SHA1
  
  eabd2136a8870cba64e969fd5cedccf58d6c5b2c
- SHA256
  
  d970b41099d916b86fce2da5574054f2fb7e42f386a5aefe9a9793071307ea3a
- SHA512
  
  4964bb2ca9ebad86904fad3f8276bd239814a39392af6d61ef8bf2bdf7ca0c04f8aa6697ffe911bc367017f59813e2d2d3150d9b11fd12090619670660c12990
Score

10^/10

rms aspackv2 evasion persistence rat trojan upx
- Modifies system executable filetype association
  persistence
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- UAC bypass
  evasion trojan
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Disables RegEdit via registry modification
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsaspackv2evasionpersistencerattrojanupx

behavioral2

rmsaspackv2evasionpersistencerattrojanupx

© 2018-2025

Terms | Privacy