rms | 84d34cc3b14341a319c79d5e4dcc65b0ca3be1217eb7a30a22484e19768fef20 | Triage

Submit
Reports

Overview

overview

Static

static

84d34cc3b1...20.exe

windows7_x64

84d34cc3b1...20.exe

windows10-2004_x64

Sharing

General

Target

84d34cc3b14341a319c79d5e4dcc65b0ca3be1217eb7a30a22484e19768fef20
Size

6.2MB
Sample

220524-qzl85sgdal
MD5

6fbe23c223dd331bf3e51fc1e2cd747f
SHA1

1851456582508c0040ce403a3c82f92e355ef12f
SHA256

84d34cc3b14341a319c79d5e4dcc65b0ca3be1217eb7a30a22484e19768fef20
SHA512

ffe3dfbb322974a75cf0be23406ea1c30682960542989b3e919b29e29429f11f24326345caf06700d96f8c21954bf5f141280bd5bb6bc0213b0f5a05cb6261da

Score

10^/10

rms persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

84d34cc3b14341a319c79d5e4dcc65b0ca3be1217eb7a30a22484e19768fef20.exe

Resource

win7-20220414-en

rms persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

84d34cc3b14341a319c79d5e4dcc65b0ca3be1217eb7a30a22484e19768fef20.exe

Resource

win10v2004-20220414-en

rms persistence rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  84d34cc3b14341a319c79d5e4dcc65b0ca3be1217eb7a30a22484e19768fef20
- Size
  
  6.2MB
- MD5
  
  6fbe23c223dd331bf3e51fc1e2cd747f
- SHA1
  
  1851456582508c0040ce403a3c82f92e355ef12f
- SHA256
  
  84d34cc3b14341a319c79d5e4dcc65b0ca3be1217eb7a30a22484e19768fef20
- SHA512
  
  ffe3dfbb322974a75cf0be23406ea1c30682960542989b3e919b29e29429f11f24326345caf06700d96f8c21954bf5f141280bd5bb6bc0213b0f5a05cb6261da
Score

10^/10

rms persistence rat trojan
- Modifies WinLogon for persistence
  persistence
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmspersistencerattrojan

behavioral2

rmspersistencerattrojan

© 2018-2025

Terms | Privacy