rms | 4937273be0ef7ba04cc76c9be306cf965d9574bab855be9988334f7969083798 | Triage

Submit
Reports

Overview

overview

Static

static

4937273be0...98.exe

windows7_x64

4937273be0...98.exe

windows10-2004_x64

Sharing

General

Target

4937273be0ef7ba04cc76c9be306cf965d9574bab855be9988334f7969083798
Size

4.0MB
Sample

220524-t5azvahga7
MD5

29a0fb42c31ec455aab5bfd76c20418b
SHA1

5110b413904369d27ee6e71bca4aa0d1452cf042
SHA256

4937273be0ef7ba04cc76c9be306cf965d9574bab855be9988334f7969083798
SHA512

ad0d0808a886c934f52b20341c25a662a2cb8328ffb0a04aae05e6631a8d55a25372fc3f999b6bebc952ed028e24ce84489246828ff3b302e0d210cd04c6ba00

Score

10^/10

rms aspackv2 rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

4937273be0ef7ba04cc76c9be306cf965d9574bab855be9988334f7969083798.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

4937273be0ef7ba04cc76c9be306cf965d9574bab855be9988334f7969083798.exe

Resource

win10v2004-20220414-en

rms aspackv2 rat trojan upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  4937273be0ef7ba04cc76c9be306cf965d9574bab855be9988334f7969083798
- Size
  
  4.0MB
- MD5
  
  29a0fb42c31ec455aab5bfd76c20418b
- SHA1
  
  5110b413904369d27ee6e71bca4aa0d1452cf042
- SHA256
  
  4937273be0ef7ba04cc76c9be306cf965d9574bab855be9988334f7969083798
- SHA512
  
  ad0d0808a886c934f52b20341c25a662a2cb8328ffb0a04aae05e6631a8d55a25372fc3f999b6bebc952ed028e24ce84489246828ff3b302e0d210cd04c6ba00
Score

10^/10

rms rat trojan aspackv2 upx
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

rmsaspackv2rattrojanupx

© 2018-2025

Terms | Privacy