rms | 19d6754ff4b6f0aa3b8c1e0911f9450c2933263cbb99733976e2e903510bd064 | Triage

Submit
Reports

Overview

overview

Static

static

19d6754ff4...64.exe

windows7_x64

19d6754ff4...64.exe

windows10-2004_x64

Sharing

General

Target

19d6754ff4b6f0aa3b8c1e0911f9450c2933263cbb99733976e2e903510bd064
Size

4.2MB
Sample

220524-1wbncaddck
MD5

97aaf10b6715f935080eaa51e01c57af
SHA1

23e400cbb3a2b7390cf864643c0d09966a2872f9
SHA256

19d6754ff4b6f0aa3b8c1e0911f9450c2933263cbb99733976e2e903510bd064
SHA512

c9fa663568be4633f3acb3f1e699909dce2616a8520b11bad6ebbe8fb380b44c9054c952ab050f881778a64ed340ae9da60901b12fd7ed262adaa860d668eae3

Score

10^/10

rms evasion rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

19d6754ff4b6f0aa3b8c1e0911f9450c2933263cbb99733976e2e903510bd064.exe

Resource

win7-20220414-en

rms evasion rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

19d6754ff4b6f0aa3b8c1e0911f9450c2933263cbb99733976e2e903510bd064.exe

Resource

win10v2004-20220414-en

rms evasion rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  19d6754ff4b6f0aa3b8c1e0911f9450c2933263cbb99733976e2e903510bd064
- Size
  
  4.2MB
- MD5
  
  97aaf10b6715f935080eaa51e01c57af
- SHA1
  
  23e400cbb3a2b7390cf864643c0d09966a2872f9
- SHA256
  
  19d6754ff4b6f0aa3b8c1e0911f9450c2933263cbb99733976e2e903510bd064
- SHA512
  
  c9fa663568be4633f3acb3f1e699909dce2616a8520b11bad6ebbe8fb380b44c9054c952ab050f881778a64ed340ae9da60901b12fd7ed262adaa860d668eae3
Score

10^/10

rms evasion rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsevasionrattrojan

behavioral2

rmsevasionrattrojan

© 2018-2025

Terms | Privacy