rms | 0b9ee1d8605aac2a861b474a38d4147cbf40cf36b1d87f9c582c1bd2a5c43e94 | Triage

Submit
Reports

Overview

overview

Static

static

0b9ee1d860...94.exe

windows7_x64

0b9ee1d860...94.exe

windows10-2004_x64

Sharing

General

Target

0b9ee1d8605aac2a861b474a38d4147cbf40cf36b1d87f9c582c1bd2a5c43e94
Size

7.7MB
Sample

220427-v7g2lsbbgj
MD5

66a3d9e5c35a7497da6f8dd19061aace
SHA1

9a4dc67f33b04d7e61616bf645aebed039034e8a
SHA256

0b9ee1d8605aac2a861b474a38d4147cbf40cf36b1d87f9c582c1bd2a5c43e94
SHA512

2aa19be745c6839a952ccffbdd56e681f096f80bf3d5aa954a10f6ee3a02e0bcb7b22a052d9b9f4278045920817b00b905d175532352866aa35fb4babe9b5550

Score

10^/10

rms discovery evasion rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

0b9ee1d8605aac2a861b474a38d4147cbf40cf36b1d87f9c582c1bd2a5c43e94.exe

Resource

win7-20220414-en

rms discovery evasion rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0b9ee1d8605aac2a861b474a38d4147cbf40cf36b1d87f9c582c1bd2a5c43e94.exe

Resource

win10v2004-20220414-en

rms discovery evasion rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  0b9ee1d8605aac2a861b474a38d4147cbf40cf36b1d87f9c582c1bd2a5c43e94
- Size
  
  7.7MB
- MD5
  
  66a3d9e5c35a7497da6f8dd19061aace
- SHA1
  
  9a4dc67f33b04d7e61616bf645aebed039034e8a
- SHA256
  
  0b9ee1d8605aac2a861b474a38d4147cbf40cf36b1d87f9c582c1bd2a5c43e94
- SHA512
  
  2aa19be745c6839a952ccffbdd56e681f096f80bf3d5aa954a10f6ee3a02e0bcb7b22a052d9b9f4278045920817b00b905d175532352866aa35fb4babe9b5550
Score

10^/10

rms discovery evasion rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsdiscoveryevasionrattrojan

behavioral2

rmsdiscoveryevasionrattrojan

© 2018-2025

Terms | Privacy