rms | 8c13bccbda4ac9cd36d52a8205e7068834a51989ed55bd152cacca38ca1ec2fc | Triage

Submit
Reports

Overview

overview

Static

static

8c13bccbda...fc.exe

windows7_x64

8c13bccbda...fc.exe

windows10-2004_x64

Sharing

General

Target

8c13bccbda4ac9cd36d52a8205e7068834a51989ed55bd152cacca38ca1ec2fc
Size

4.8MB
Sample

220524-sak1wsfcc4
MD5

4a5f2f1f3f38fc6e3c9b6a746e1e0857
SHA1

2d8aaea4b525b475e66679d1b0e498a6c003b72e
SHA256

8c13bccbda4ac9cd36d52a8205e7068834a51989ed55bd152cacca38ca1ec2fc
SHA512

2d79d6832f54615e57cfeff55d7796626df3f7d4674432fd4396286efcb8e51d8f95e12eef5963c7d03935f1b651ee39e75e6465481e4370d84682ef5644e345

Score

10^/10

rms discovery evasion rat suricata trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

8c13bccbda4ac9cd36d52a8205e7068834a51989ed55bd152cacca38ca1ec2fc.exe

Resource

win7-20220414-en

rms discovery evasion rat suricata trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

8c13bccbda4ac9cd36d52a8205e7068834a51989ed55bd152cacca38ca1ec2fc.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  8c13bccbda4ac9cd36d52a8205e7068834a51989ed55bd152cacca38ca1ec2fc
- Size
  
  4.8MB
- MD5
  
  4a5f2f1f3f38fc6e3c9b6a746e1e0857
- SHA1
  
  2d8aaea4b525b475e66679d1b0e498a6c003b72e
- SHA256
  
  8c13bccbda4ac9cd36d52a8205e7068834a51989ed55bd152cacca38ca1ec2fc
- SHA512
  
  2d79d6832f54615e57cfeff55d7796626df3f7d4674432fd4396286efcb8e51d8f95e12eef5963c7d03935f1b651ee39e75e6465481e4370d84682ef5644e345
Score

10^/10

rms discovery evasion rat suricata trojan upx
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
  suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
  suricata
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Stops running service(s)
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Impair Defenses

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

rmsdiscoveryevasionratsuricatatrojanupx

behavioral2

© 2018-2025

Terms | Privacy