rms | 915738e4e4df8462f006d169a1cdebc3f311f7250b794281f78fa24d90586e4b | Triage

Submit
Reports

Overview

overview

Static

static

8

915738e4e4...4b.exe

windows7_x64

915738e4e4...4b.exe

windows10-2004_x64

Sharing

General

Target

915738e4e4df8462f006d169a1cdebc3f311f7250b794281f78fa24d90586e4b
Size

3.9MB
Sample

220516-cr4xbscfap
MD5

80df2f0d4da5e61f4341c4d971170395
SHA1

4246048db2e697a05f8dc252e3cb60f7ce83832a
SHA256

915738e4e4df8462f006d169a1cdebc3f311f7250b794281f78fa24d90586e4b
SHA512

8a78824845d3b5f235028dd19107a6a9469f5f1bb4b18d7e41e54e6aff1d76157e0866c1cdb6d0d46029bca4307afc501a50f04d03926902ff96d8ca44acf069

Score

10^/10

rms aspackv2 rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

915738e4e4df8462f006d169a1cdebc3f311f7250b794281f78fa24d90586e4b.exe

Resource

win7-20220414-en

rms aspackv2 rat trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

915738e4e4df8462f006d169a1cdebc3f311f7250b794281f78fa24d90586e4b.exe

Resource

win10v2004-20220414-en

rms aspackv2 rat trojan upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  915738e4e4df8462f006d169a1cdebc3f311f7250b794281f78fa24d90586e4b
- Size
  
  3.9MB
- MD5
  
  80df2f0d4da5e61f4341c4d971170395
- SHA1
  
  4246048db2e697a05f8dc252e3cb60f7ce83832a
- SHA256
  
  915738e4e4df8462f006d169a1cdebc3f311f7250b794281f78fa24d90586e4b
- SHA512
  
  8a78824845d3b5f235028dd19107a6a9469f5f1bb4b18d7e41e54e6aff1d76157e0866c1cdb6d0d46029bca4307afc501a50f04d03926902ff96d8ca44acf069
Score

10^/10

rms aspackv2 rat trojan upx
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsaspackv2rattrojanupx

behavioral2

rmsaspackv2rattrojanupx

© 2018-2025

Terms | Privacy