rms | 0aac63a17439f31adb411a8d7de0cf2b1316fc2d9a5e3166fb74dc1053c805fc | Triage

Submit
Reports

Overview

overview

Static

static

0aac63a174...fc.exe

windows7_x64

0aac63a174...fc.exe

windows10-2004_x64

Sharing

General

Target

0aac63a17439f31adb411a8d7de0cf2b1316fc2d9a5e3166fb74dc1053c805fc
Size

4.1MB
Sample

220524-q6rgfagfcr
MD5

5fb9e7b8488d2371d19cc23dc8a5773d
SHA1

fa908ea90cd99bea6290a62ebf4c53140e43fbf0
SHA256

0aac63a17439f31adb411a8d7de0cf2b1316fc2d9a5e3166fb74dc1053c805fc
SHA512

c6a9785f151267eeba0276c06019ea2adc18fe6fa4d9bd7ed3cb1072c793ecb7f08aad68c5d2ba7b75cb9c30c625169c5fe7522d52c22ff150a9b889a2f1b6dd

Score

10^/10

rms aspackv2 rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

0aac63a17439f31adb411a8d7de0cf2b1316fc2d9a5e3166fb74dc1053c805fc.exe

Resource

win7-20220414-en

rms rat trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0aac63a17439f31adb411a8d7de0cf2b1316fc2d9a5e3166fb74dc1053c805fc.exe

Resource

win10v2004-20220414-en

rms aspackv2 rat trojan upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  0aac63a17439f31adb411a8d7de0cf2b1316fc2d9a5e3166fb74dc1053c805fc
- Size
  
  4.1MB
- MD5
  
  5fb9e7b8488d2371d19cc23dc8a5773d
- SHA1
  
  fa908ea90cd99bea6290a62ebf4c53140e43fbf0
- SHA256
  
  0aac63a17439f31adb411a8d7de0cf2b1316fc2d9a5e3166fb74dc1053c805fc
- SHA512
  
  c6a9785f151267eeba0276c06019ea2adc18fe6fa4d9bd7ed3cb1072c793ecb7f08aad68c5d2ba7b75cb9c30c625169c5fe7522d52c22ff150a9b889a2f1b6dd
Score

10^/10

rms rat trojan upx aspackv2
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsrattrojanupx

behavioral2

rmsaspackv2rattrojanupx

© 2018-2025

Terms | Privacy