rms | 29387fe801f8473709ba8c3263b5f8d7ff0e6368f066d3533a62d382ef9e79fe | Triage

Sharing

General

Target

29387fe801f8473709ba8c3263b5f8d7ff0e6368f066d3533a62d382ef9e79fe
Size

5.7MB
Sample

220317-bdvwtsgahp
MD5

5739d0bc5c58a3278c873b24cd3e4940
SHA1

0792a928011c27de6f7983500c2ccfc543f88571
SHA256

29387fe801f8473709ba8c3263b5f8d7ff0e6368f066d3533a62d382ef9e79fe
SHA512

6be3e0f52e287cd13221e76e0f12118aabe5edb2bf7fab9ea97d3465d64bcf9520ae68185a88fd3ade994e2e393f3bbe2d9a41ffa3d739fdc8fe56f6e1817113

Score

10^/10

rms aspackv2 evasion rat trojan

Malware Config

Targets

- Target
  
  install.bat
- Size
  
  1KB
- MD5
  
  125b0e626d1babc93c042cf84dd33c05
- SHA1
  
  d5f01d546be84337306306f71e6bc612442481d8
- SHA256
  
  8df26877285b0fb8dd52db09da874c24c02e9f1a4d6794752d6ac556e4f927b3
- SHA512
  
  e6213ef36cc70cc257b671f9dbf590c96e5bcd02196b1de90b2b7be019035f2a859c98003be963983a0f86cf6695aed1db3a3e26b22c1f49bca79d1af9cc6ca5
Score

10^/10

rms evasion rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  install.vbs
- Size
  
  120B
- MD5
  
  c719a030434d3fa96d62868f27e904a6
- SHA1
  
  f2f750a752dd1fda8915a47b082af7cf2d3e3655
- SHA256
  
  2696ee4302a85c6b4101fc6d1ce8e38b94fd9c2bbd1acc73b553576b3aacb92f
- SHA512
  
  47a9367f7596d19c0636766cd34ca3701d3b1239a284f2333fd04a48422f53b0df21002fd38a4f229f6a2f9f9e8163267e13ecb24d9ce6de1863d5f59ab04ff0
Score

10^/10

rms evasion rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  mailsend.exe
- Size
  
  1.2MB
- MD5
  
  ac23b87f8ec60ddd3f555556f89a6af8
- SHA1
  
  3cea6f84757d15ee8d7fa19d3dfc4992c50aa90c
- SHA256
  
  80a1d0a15066c7af67cf5377e59e450c2a96018505236f8f3352173282b27ae4
- SHA512
  
  57e67eab9c2a3b94161500eb0091533a539454e9bfddd47c61477299de9455b7ca11c498c5d8a7d77f4763a2053acb4ff96868a9313fede29969edc16d35b167
Score

1^/10
behavioral5 behavioral6
- Target
  
  rfusclient.exe
- Size
  
  1.5MB
- MD5
  
  b8667a1e84567fcf7821bcefb6a444af
- SHA1
  
  9c1f91fe77ad357c8f81205d65c9067a270d61f0
- SHA256
  
  dc9d875e659421a51addd8e8a362c926369e84320ab0c5d8bbb1e4d12d372fc9
- SHA512
  
  ec6af663a3b41719d684f04504746f91196105ef6f8baa013b4bd02df6684eca49049d5517691f8e3a4ba6351fe35545a27f728b1d29d949e950d574a012f852
Score

1^/10
behavioral7 behavioral8
- Target
  
  rutserv.exe
- Size
  
  9.5MB
- MD5
  
  d10dae1197db0b694c832ae512b34024
- SHA1
  
  24757c07c814d53ded645547bc53e29c98919077
- SHA256
  
  74892811c87f574aea6d8b3a5419845a58096deaece96a9c6f06e5ad4f8859be
- SHA512
  
  f968b9084c51aa3b4f24cf99ee0d354f323d435ad7c15a884bf16dc3b8d67f721d4c7bb5f111a44033a15d820f58e813e0dccbf1f84bd3ca736a0c57bd98395e
Score

10^/10

rms rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral9 behavioral10
- Target
  
  vp8decoder.dll
- Size
  
  380KB
- MD5
  
  1ea62293ac757a0c2b64e632f30db636
- SHA1
  
  8c8ac6f8f28f432a514c3a43ea50c90daf66bfba
- SHA256
  
  970cb3e00fa68daec266cd0aa6149d3604cb696853772f20ad67555a2114d5df
- SHA512
  
  857872a260cd590bd533b5d72e6e830bb0e4e037cb6749bb7d6e1239297f21606cdbe4a0fb1492cdead6f46c88dd9eb6fab5c6e17029f7df5231cefc21fa35ab
Score

1^/10
behavioral11 behavioral12
- Target
  
  vp8encoder.dll
- Size
  
  1.6MB
- MD5
  
  89770647609ac26c1bbd9cf6ed50954e
- SHA1
  
  349eed120070bab7e96272697b39e786423ac1d3
- SHA256
  
  7b4fc8e104914cdd6a7bf3f05c0d7197cfcd30a741cc0856155f2c74e62005a4
- SHA512
  
  a98688f1c80ca79ee8d15d680a61420ffb49f55607fa25711925735d0e8dbc21f3b13d470f22e0829c72a66a798eee163411b2f078113ad8153eed98ef37a2cc
Score

1^/10
behavioral13 behavioral14

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsevasionrattrojan

behavioral2

rmsevasionrattrojan

behavioral3

rmsevasionrattrojan

behavioral4

rmsevasionrattrojan

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14