rms | 52271a574f4c52f112b22d9a13c8a63924c069cb311a64ce58382e497f81602c | Triage

Submit
Reports

Overview

overview

Static

static

52271a574f...2c.exe

windows7_x64

52271a574f...2c.exe

windows10-2004_x64

Sharing

General

Target

52271a574f4c52f112b22d9a13c8a63924c069cb311a64ce58382e497f81602c
Size

21.3MB
Sample

220326-jaz1daaab6
MD5

591b70bb39ae6201841a62b12d0dd2d8
SHA1

fb9eef4e415956063bc59d8c7b0a9ca487ce1015
SHA256

52271a574f4c52f112b22d9a13c8a63924c069cb311a64ce58382e497f81602c
SHA512

53ea11e218fbb6d4800212e9f46287e5fe7227ade5f119404cdb2e26801321c079d81b15ccfc0dcd7bd83c6d7039b242d54e655c3ecdce9418727b97059009d8

Score

10^/10

rms evasion rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

52271a574f4c52f112b22d9a13c8a63924c069cb311a64ce58382e497f81602c.exe

Resource

win7-20220310-en

rms evasion rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

52271a574f4c52f112b22d9a13c8a63924c069cb311a64ce58382e497f81602c.exe

Resource

win10v2004-20220310-en

rms evasion rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  52271a574f4c52f112b22d9a13c8a63924c069cb311a64ce58382e497f81602c
- Size
  
  21.3MB
- MD5
  
  591b70bb39ae6201841a62b12d0dd2d8
- SHA1
  
  fb9eef4e415956063bc59d8c7b0a9ca487ce1015
- SHA256
  
  52271a574f4c52f112b22d9a13c8a63924c069cb311a64ce58382e497f81602c
- SHA512
  
  53ea11e218fbb6d4800212e9f46287e5fe7227ade5f119404cdb2e26801321c079d81b15ccfc0dcd7bd83c6d7039b242d54e655c3ecdce9418727b97059009d8
Score

10^/10

rms evasion rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsevasionrattrojan

behavioral2

rmsevasionrattrojan

© 2018-2025

Terms | Privacy