rms | faf7b36afcd23116c4c15910fad9f3516d15bbfd32d5abb6349f1a433a19c253 | Triage

Submit
Reports

Overview

overview

Static

static

8

faf7b36afc...53.exe

windows7_x64

faf7b36afc...53.exe

windows10-2004_x64

Sharing

General

Target

faf7b36afcd23116c4c15910fad9f3516d15bbfd32d5abb6349f1a433a19c253
Size

6.1MB
Sample

220507-z4k2bahehm
MD5

271d2687fb8b495544eb73d3219acfc4
SHA1

80d3310c738fa942853762aa312cdf1c9aeb887b
SHA256

faf7b36afcd23116c4c15910fad9f3516d15bbfd32d5abb6349f1a433a19c253
SHA512

e16ec9a444e0c78b2c9fa7342af011615531025c87180e5ad3122f07d1783433301e6d34549ef09011c1044d733063eb3b85928f3ed48fa725aa52ec6c25a849

Score

10^/10

rms aspackv2 evasion rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

faf7b36afcd23116c4c15910fad9f3516d15bbfd32d5abb6349f1a433a19c253.exe

Resource

win7-20220414-en

rms evasion rat trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

faf7b36afcd23116c4c15910fad9f3516d15bbfd32d5abb6349f1a433a19c253.exe

Resource

win10v2004-20220414-en

rms evasion rat trojan upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  faf7b36afcd23116c4c15910fad9f3516d15bbfd32d5abb6349f1a433a19c253
- Size
  
  6.1MB
- MD5
  
  271d2687fb8b495544eb73d3219acfc4
- SHA1
  
  80d3310c738fa942853762aa312cdf1c9aeb887b
- SHA256
  
  faf7b36afcd23116c4c15910fad9f3516d15bbfd32d5abb6349f1a433a19c253
- SHA512
  
  e16ec9a444e0c78b2c9fa7342af011615531025c87180e5ad3122f07d1783433301e6d34549ef09011c1044d733063eb3b85928f3ed48fa725aa52ec6c25a849
Score

10^/10

rms evasion rat trojan upx
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsevasionrattrojanupx

behavioral2

rmsevasionrattrojanupx

© 2018-2025

Terms | Privacy