rms | 09f1f3a51f27caf87008f9543eb415178b4fa85715eaa9ddbb100ffc2f2d0437 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

09f1f3a51f...37.exe

windows7_x64

1

09f1f3a51f...37.exe

windows10-2004_x64

Sharing

General

Target

09f1f3a51f27caf87008f9543eb415178b4fa85715eaa9ddbb100ffc2f2d0437
Size

4.0MB
Sample

220524-t6ez7ahgd4
MD5

8ec454c70b35e6f39e98c5375f730476
SHA1

a3b6297f489c5701294166503e2f691ded393df0
SHA256

09f1f3a51f27caf87008f9543eb415178b4fa85715eaa9ddbb100ffc2f2d0437
SHA512

c95fb98bfe57e87809f960da9dbb7696f17676595e60fe0a0d555a56fe0f2cb8c35ce0beb71b830df35776da3d38f0c34246678aa03b22d56beca015df914faa

Score

10^/10

rms evasion rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

09f1f3a51f27caf87008f9543eb415178b4fa85715eaa9ddbb100ffc2f2d0437.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

09f1f3a51f27caf87008f9543eb415178b4fa85715eaa9ddbb100ffc2f2d0437.exe

Resource

win10v2004-20220414-en

rms evasion rat trojan upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  09f1f3a51f27caf87008f9543eb415178b4fa85715eaa9ddbb100ffc2f2d0437
- Size
  
  4.0MB
- MD5
  
  8ec454c70b35e6f39e98c5375f730476
- SHA1
  
  a3b6297f489c5701294166503e2f691ded393df0
- SHA256
  
  09f1f3a51f27caf87008f9543eb415178b4fa85715eaa9ddbb100ffc2f2d0437
- SHA512
  
  c95fb98bfe57e87809f960da9dbb7696f17676595e60fe0a0d555a56fe0f2cb8c35ce0beb71b830df35776da3d38f0c34246678aa03b22d56beca015df914faa
Score

10^/10

rms evasion rat trojan upx
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

rmsevasionrattrojanupx

© 2018-2025

Terms | Privacy