rms | 59d16c89e7feb175c39275b73449f9499728cbb003eee351b83bbbcfc97c9322 | Triage

Submit
Reports

Overview

overview

Static

static

59d16c89e7...22.exe

windows7_x64

59d16c89e7...22.exe

windows10-2004_x64

8

Sharing

General

Target

59d16c89e7feb175c39275b73449f9499728cbb003eee351b83bbbcfc97c9322
Size

7.6MB
Sample

220508-erqe2sfbd3
MD5

972c473e16673db2c7ca312709e87adc
SHA1

f7411ac1836058913f76cea00d0030baeba567cb
SHA256

59d16c89e7feb175c39275b73449f9499728cbb003eee351b83bbbcfc97c9322
SHA512

7dc0029b1d1ca63a4a55cf13755cfc3f3cf86ad6e489c94446af4c215809e723a61164a0135a2c0e4ec9979b44d6386de71f22e1b64f2714d21d661c64f2214d

Score

10^/10

rms discovery evasion rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

59d16c89e7feb175c39275b73449f9499728cbb003eee351b83bbbcfc97c9322.exe

Resource

win7-20220414-en

rms discovery evasion rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

59d16c89e7feb175c39275b73449f9499728cbb003eee351b83bbbcfc97c9322.exe

Resource

win10v2004-20220414-en

discovery evasion

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  59d16c89e7feb175c39275b73449f9499728cbb003eee351b83bbbcfc97c9322
- Size
  
  7.6MB
- MD5
  
  972c473e16673db2c7ca312709e87adc
- SHA1
  
  f7411ac1836058913f76cea00d0030baeba567cb
- SHA256
  
  59d16c89e7feb175c39275b73449f9499728cbb003eee351b83bbbcfc97c9322
- SHA512
  
  7dc0029b1d1ca63a4a55cf13755cfc3f3cf86ad6e489c94446af4c215809e723a61164a0135a2c0e4ec9979b44d6386de71f22e1b64f2714d21d661c64f2214d
Score

10^/10

rms discovery evasion rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsdiscoveryevasionrattrojan

behavioral2

discoveryevasion

© 2018-2025

Terms | Privacy