rms | 3f7dab7cdfdb383c4d7b5f950e1336eb41e3288c958ba4936419d41a40bbd31c | Triage

Submit
Reports

Overview

overview

Static

static

3f7dab7cdf...1c.exe

windows7_x64

8

3f7dab7cdf...1c.exe

windows10-2004_x64

Sharing

General

Target

3f7dab7cdfdb383c4d7b5f950e1336eb41e3288c958ba4936419d41a40bbd31c
Size

4.4MB
Sample

220511-rtspeacfgl
MD5

e9f2ee42a89a766fdf4d2e7a210e4c9d
SHA1

a8129abd67e4f89ddb6abd0ffbf6ff4a6a7dfee5
SHA256

3f7dab7cdfdb383c4d7b5f950e1336eb41e3288c958ba4936419d41a40bbd31c
SHA512

ecbc01684ca05081206f5805ff9894eda21421c7fcd21c8aab0717adb97e4d5d65d5d26d63e056899a5dc62852c4799691000cb6ae4fcf966faa309e71ffa35c

Score

10^/10

rms evasion rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

3f7dab7cdfdb383c4d7b5f950e1336eb41e3288c958ba4936419d41a40bbd31c.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3f7dab7cdfdb383c4d7b5f950e1336eb41e3288c958ba4936419d41a40bbd31c.exe

Resource

win10v2004-20220414-en

rms evasion rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  3f7dab7cdfdb383c4d7b5f950e1336eb41e3288c958ba4936419d41a40bbd31c
- Size
  
  4.4MB
- MD5
  
  e9f2ee42a89a766fdf4d2e7a210e4c9d
- SHA1
  
  a8129abd67e4f89ddb6abd0ffbf6ff4a6a7dfee5
- SHA256
  
  3f7dab7cdfdb383c4d7b5f950e1336eb41e3288c958ba4936419d41a40bbd31c
- SHA512
  
  ecbc01684ca05081206f5805ff9894eda21421c7fcd21c8aab0717adb97e4d5d65d5d26d63e056899a5dc62852c4799691000cb6ae4fcf966faa309e71ffa35c
Score

10^/10

rms evasion rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

rmsevasionrattrojan

© 2018-2025

Terms | Privacy