rms | 244ca178cbb5116d9cde1375b6b9d95e74d1e24612f75c850e69724a6f1ad3cf | Triage

Submit
Reports

Overview

overview

Static

static

244ca178cb...cf.exe

windows7_x64

8

244ca178cb...cf.exe

windows10-2004_x64

Sharing

General

Target

244ca178cbb5116d9cde1375b6b9d95e74d1e24612f75c850e69724a6f1ad3cf
Size

5.5MB
Sample

220520-d8ybjsgbh7
MD5

42f3db290bdb873ea53f87dd71262d41
SHA1

97c643cee498989e193330f0af5b3d5a9d50977b
SHA256

244ca178cbb5116d9cde1375b6b9d95e74d1e24612f75c850e69724a6f1ad3cf
SHA512

2ced086d1488f1cda5d0dfbff9b30f1c838896f925bf615c71b26816ba43a2632f74d1da0880eccaf3b4793c3ad44b24063437285995d034d62751e9cc108841

Score

10^/10

rms evasion rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

244ca178cbb5116d9cde1375b6b9d95e74d1e24612f75c850e69724a6f1ad3cf.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

244ca178cbb5116d9cde1375b6b9d95e74d1e24612f75c850e69724a6f1ad3cf.exe

Resource

win10v2004-20220414-en

rms evasion rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  244ca178cbb5116d9cde1375b6b9d95e74d1e24612f75c850e69724a6f1ad3cf
- Size
  
  5.5MB
- MD5
  
  42f3db290bdb873ea53f87dd71262d41
- SHA1
  
  97c643cee498989e193330f0af5b3d5a9d50977b
- SHA256
  
  244ca178cbb5116d9cde1375b6b9d95e74d1e24612f75c850e69724a6f1ad3cf
- SHA512
  
  2ced086d1488f1cda5d0dfbff9b30f1c838896f925bf615c71b26816ba43a2632f74d1da0880eccaf3b4793c3ad44b24063437285995d034d62751e9cc108841
Score

10^/10

evasion rms rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

rmsevasionrattrojan

© 2018-2025

Terms | Privacy