rms | 6dee044e1e077b37eb47648c3debefb74a8ba80be576cbd94dccf4924e158ec5 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

6dee044e1e...c5.exe

windows7_x64

6dee044e1e...c5.exe

windows10-2004_x64

Sharing

General

Target

6dee044e1e077b37eb47648c3debefb74a8ba80be576cbd94dccf4924e158ec5
Size

2.6MB
Sample

220524-qzb36sche5
MD5

8a2a1a539b09daea31c6d7b5fe030a5f
SHA1

afe6bf6655244be1b4b873ec47acfc265cf4ca4b
SHA256

6dee044e1e077b37eb47648c3debefb74a8ba80be576cbd94dccf4924e158ec5
SHA512

13e882472e197179ec7f95584f0a4c7809e9b88164b92c5ddd03cb60c66f5779810c528fb7627ee50f14f581b896ae4292fa4f70e7d303774e6fad7f15556c3c

Score

10^/10

rms evasion rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

6dee044e1e077b37eb47648c3debefb74a8ba80be576cbd94dccf4924e158ec5.exe

Resource

win7-20220414-en

rms evasion rat trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

6dee044e1e077b37eb47648c3debefb74a8ba80be576cbd94dccf4924e158ec5.exe

Resource

win10v2004-20220414-en

rms evasion rat trojan upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  6dee044e1e077b37eb47648c3debefb74a8ba80be576cbd94dccf4924e158ec5
- Size
  
  2.6MB
- MD5
  
  8a2a1a539b09daea31c6d7b5fe030a5f
- SHA1
  
  afe6bf6655244be1b4b873ec47acfc265cf4ca4b
- SHA256
  
  6dee044e1e077b37eb47648c3debefb74a8ba80be576cbd94dccf4924e158ec5
- SHA512
  
  13e882472e197179ec7f95584f0a4c7809e9b88164b92c5ddd03cb60c66f5779810c528fb7627ee50f14f581b896ae4292fa4f70e7d303774e6fad7f15556c3c
Score

10^/10

rms evasion rat trojan upx
- Modifies firewall policy service
  evasion
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- UAC bypass
  evasion trojan
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsevasionrattrojanupx

behavioral2

rmsevasionrattrojanupx

© 2018-2025

Terms | Privacy