rms | c064d09a297505651165e233a9e2d2334a8d17dc704c04ef1c94c00e9210b5f6 | Triage

Submit
Reports

Overview

overview

Static

static

c064d09a29...f6.exe

windows7_x64

c064d09a29...f6.exe

windows10-2004_x64

Sharing

General

Target

c064d09a297505651165e233a9e2d2334a8d17dc704c04ef1c94c00e9210b5f6
Size

6.9MB
Sample

220502-v4jq2abeh2
MD5

4d6acaebfb4796437e1d47ed47181077
SHA1

3c10a174e0c343cefbeaa5f034d6a83c70143f2c
SHA256

c064d09a297505651165e233a9e2d2334a8d17dc704c04ef1c94c00e9210b5f6
SHA512

7653185adbf7345a541b5833b4c6cf3906fd1624b7c66c18fb8e1e48e9e8947b87cca07d35b07cb408324c75ab7be292bd79c08a374a22b1fa80ab9fffb590ca

Score

10^/10

rms aspackv2 rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

c064d09a297505651165e233a9e2d2334a8d17dc704c04ef1c94c00e9210b5f6.exe

Resource

win7-20220414-en

rms aspackv2 rat trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

c064d09a297505651165e233a9e2d2334a8d17dc704c04ef1c94c00e9210b5f6.exe

Resource

win10v2004-20220414-en

rms aspackv2 rat trojan upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  c064d09a297505651165e233a9e2d2334a8d17dc704c04ef1c94c00e9210b5f6
- Size
  
  6.9MB
- MD5
  
  4d6acaebfb4796437e1d47ed47181077
- SHA1
  
  3c10a174e0c343cefbeaa5f034d6a83c70143f2c
- SHA256
  
  c064d09a297505651165e233a9e2d2334a8d17dc704c04ef1c94c00e9210b5f6
- SHA512
  
  7653185adbf7345a541b5833b4c6cf3906fd1624b7c66c18fb8e1e48e9e8947b87cca07d35b07cb408324c75ab7be292bd79c08a374a22b1fa80ab9fffb590ca
Score

10^/10

rms aspackv2 rat trojan upx
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsaspackv2rattrojanupx

behavioral2

rmsaspackv2rattrojanupx

© 2018-2025

Terms | Privacy