rms | d323807515f83943d6b6a268a39feef1b61b0c2db5de5e2bb6d2cb5ad78d5a20 | Triage

Submit
Reports

Overview

overview

Static

static

d323807515...20.exe

windows7_x64

d323807515...20.exe

windows10-2004_x64

8

Sharing

General

Target

d323807515f83943d6b6a268a39feef1b61b0c2db5de5e2bb6d2cb5ad78d5a20
Size

8.1MB
Sample

220319-qjx1psagd4
MD5

89e13b57f61901ec9137dd7ed11dad01
SHA1

62f2de5d10c001e69dcd8958eb52bec31caec16d
SHA256

d323807515f83943d6b6a268a39feef1b61b0c2db5de5e2bb6d2cb5ad78d5a20
SHA512

2feeb0463b386517dee8e7d3488f2cb89059b7c614e3abc8c02576bad2ac53e33619da139658d321869c62cd2184d14ba95a3cfa451eebde4547a0ba54ccd873

Score

10^/10

rms aspackv2 evasion persistence rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

d323807515f83943d6b6a268a39feef1b61b0c2db5de5e2bb6d2cb5ad78d5a20.exe

Resource

win7-20220310-en

rms aspackv2 evasion persistence rat trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

d323807515f83943d6b6a268a39feef1b61b0c2db5de5e2bb6d2cb5ad78d5a20.exe

Resource

win10v2004-20220310-en

evasion persistence

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  d323807515f83943d6b6a268a39feef1b61b0c2db5de5e2bb6d2cb5ad78d5a20
- Size
  
  8.1MB
- MD5
  
  89e13b57f61901ec9137dd7ed11dad01
- SHA1
  
  62f2de5d10c001e69dcd8958eb52bec31caec16d
- SHA256
  
  d323807515f83943d6b6a268a39feef1b61b0c2db5de5e2bb6d2cb5ad78d5a20
- SHA512
  
  2feeb0463b386517dee8e7d3488f2cb89059b7c614e3abc8c02576bad2ac53e33619da139658d321869c62cd2184d14ba95a3cfa451eebde4547a0ba54ccd873
Score

10^/10

rms aspackv2 evasion persistence rat trojan upx
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsaspackv2evasionpersistencerattrojanupx

behavioral2

evasionpersistence

© 2018-2025

Terms | Privacy