rms | 9e53945f65d0528540a52741bde298a2626582e684f56ddd0f4e534e13491c12 | Triage

Submit
Reports

Overview

overview

Static

static

9e53945f65...12.exe

windows7_x64

9e53945f65...12.exe

windows10-2004_x64

Sharing

General

Target

9e53945f65d0528540a52741bde298a2626582e684f56ddd0f4e534e13491c12
Size

6.2MB
Sample

220415-fhywhaheg2
MD5

ab92d1376a186f27c4e5440843173020
SHA1

9aebb2a37972d52c671985f9833c820934fa96d3
SHA256

9e53945f65d0528540a52741bde298a2626582e684f56ddd0f4e534e13491c12
SHA512

f7e05d9c1723446e31bed30ffd22563dc03880aabdc8fbe37b70e7fcba68dba933ad1bd5f44a0d6a66df01519178bcee653b0273d1c55fdedb273a1fa85f0a48

Score

10^/10

rms persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

9e53945f65d0528540a52741bde298a2626582e684f56ddd0f4e534e13491c12.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

9e53945f65d0528540a52741bde298a2626582e684f56ddd0f4e534e13491c12.exe

Resource

win10v2004-20220414-en

rms persistence rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  9e53945f65d0528540a52741bde298a2626582e684f56ddd0f4e534e13491c12
- Size
  
  6.2MB
- MD5
  
  ab92d1376a186f27c4e5440843173020
- SHA1
  
  9aebb2a37972d52c671985f9833c820934fa96d3
- SHA256
  
  9e53945f65d0528540a52741bde298a2626582e684f56ddd0f4e534e13491c12
- SHA512
  
  f7e05d9c1723446e31bed30ffd22563dc03880aabdc8fbe37b70e7fcba68dba933ad1bd5f44a0d6a66df01519178bcee653b0273d1c55fdedb273a1fa85f0a48
Score

10^/10

rms rat trojan persistence
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Registers COM server for autorun
  persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

rmspersistencerattrojan

© 2018-2025

Terms | Privacy