rms | 5e5e14222258ab97a1727f4ade75a37f1754cfe3d48e7ae7f9072bafcd21012a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

5e5e142222...2a.exe

windows7_x64

5e5e142222...2a.exe

windows10-2004_x64

Sharing

General

Target

5e5e14222258ab97a1727f4ade75a37f1754cfe3d48e7ae7f9072bafcd21012a
Size

4.5MB
Sample

220524-raaz9ahadk
MD5

52c78278b86fa5d4eff97690a2db9190
SHA1

f30f7cb2ed3d2a2d450f3e3406aa73cd4495a964
SHA256

5e5e14222258ab97a1727f4ade75a37f1754cfe3d48e7ae7f9072bafcd21012a
SHA512

fe1633ce8bf39e7eb1989196318e314b03b8ec4bdf0871823b336ce40b449a69c30ff5fc41073deabe6e9c6e8411c51988c5eebd7eb1775558980da11d39d1d6

Score

10^/10

rms evasion rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

5e5e14222258ab97a1727f4ade75a37f1754cfe3d48e7ae7f9072bafcd21012a.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

5e5e14222258ab97a1727f4ade75a37f1754cfe3d48e7ae7f9072bafcd21012a.exe

Resource

win10v2004-20220414-en

rms evasion rat trojan upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  5e5e14222258ab97a1727f4ade75a37f1754cfe3d48e7ae7f9072bafcd21012a
- Size
  
  4.5MB
- MD5
  
  52c78278b86fa5d4eff97690a2db9190
- SHA1
  
  f30f7cb2ed3d2a2d450f3e3406aa73cd4495a964
- SHA256
  
  5e5e14222258ab97a1727f4ade75a37f1754cfe3d48e7ae7f9072bafcd21012a
- SHA512
  
  fe1633ce8bf39e7eb1989196318e314b03b8ec4bdf0871823b336ce40b449a69c30ff5fc41073deabe6e9c6e8411c51988c5eebd7eb1775558980da11d39d1d6
Score

10^/10

rms rat trojan evasion upx
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

rmsevasionrattrojanupx

© 2018-2025

Terms | Privacy