rms | b2edb4fbce81855d476856b1aa8f298084a4aa6e46b987554dafe8187f5cfab3 | Triage

Submit
Reports

Overview

overview

Static

static

8

b2edb4fbce...b3.exe

windows7_x64

b2edb4fbce...b3.exe

windows10-2004_x64

Sharing

General

Target

b2edb4fbce81855d476856b1aa8f298084a4aa6e46b987554dafe8187f5cfab3
Size

3.9MB
Sample

220427-wks12abghq
MD5

42e5bcd207d5a1e3c2653b7e4395d9fc
SHA1

c64912f0135901d83953aa31dd9878f660af7930
SHA256

b2edb4fbce81855d476856b1aa8f298084a4aa6e46b987554dafe8187f5cfab3
SHA512

945629d88b41154abb1085174b6fea142f1b96a5810eab4a9125f1d6f08c9fd61488b67e75d882ea35b5160860e30b0f1e2a0b2bc9584e66b1ec88ad0afdafcd

Score

10^/10

rms aspackv2 rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

b2edb4fbce81855d476856b1aa8f298084a4aa6e46b987554dafe8187f5cfab3.exe

Resource

win7-20220414-en

rms aspackv2 rat trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

b2edb4fbce81855d476856b1aa8f298084a4aa6e46b987554dafe8187f5cfab3.exe

Resource

win10v2004-20220414-en

rms aspackv2 rat trojan upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  b2edb4fbce81855d476856b1aa8f298084a4aa6e46b987554dafe8187f5cfab3
- Size
  
  3.9MB
- MD5
  
  42e5bcd207d5a1e3c2653b7e4395d9fc
- SHA1
  
  c64912f0135901d83953aa31dd9878f660af7930
- SHA256
  
  b2edb4fbce81855d476856b1aa8f298084a4aa6e46b987554dafe8187f5cfab3
- SHA512
  
  945629d88b41154abb1085174b6fea142f1b96a5810eab4a9125f1d6f08c9fd61488b67e75d882ea35b5160860e30b0f1e2a0b2bc9584e66b1ec88ad0afdafcd
Score

10^/10

rms aspackv2 rat trojan upx
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsaspackv2rattrojanupx

behavioral2

rmsaspackv2rattrojanupx

© 2018-2025

Terms | Privacy