rms | 9aee7ce88be5a073948288a5a5b0a1dc1cf6a9ea73dce2c6cdd5e47942edcd6f | Triage

Submit
Reports

Overview

overview

Static

static

9aee7ce88b...6f.exe

windows7_x64

9aee7ce88b...6f.exe

windows10-2004_x64

8

Sharing

General

Target

9aee7ce88be5a073948288a5a5b0a1dc1cf6a9ea73dce2c6cdd5e47942edcd6f
Size

4.8MB
Sample

220524-vfpx5seaan
MD5

0d0e37472e7bdea8cd7d9564fd2e41bc
SHA1

68b40398a9759f91a790b89474009840d3651b04
SHA256

9aee7ce88be5a073948288a5a5b0a1dc1cf6a9ea73dce2c6cdd5e47942edcd6f
SHA512

0bd337f72f1b309e0f477f15d248e793be80cb14fa39f142362bb2a18043d41179d362e8801dcb997b65282ef892d07a606f5dfe3f701999379da5a1b527e545

Score

10^/10

rms evasion rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

9aee7ce88be5a073948288a5a5b0a1dc1cf6a9ea73dce2c6cdd5e47942edcd6f.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

9aee7ce88be5a073948288a5a5b0a1dc1cf6a9ea73dce2c6cdd5e47942edcd6f.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  9aee7ce88be5a073948288a5a5b0a1dc1cf6a9ea73dce2c6cdd5e47942edcd6f
- Size
  
  4.8MB
- MD5
  
  0d0e37472e7bdea8cd7d9564fd2e41bc
- SHA1
  
  68b40398a9759f91a790b89474009840d3651b04
- SHA256
  
  9aee7ce88be5a073948288a5a5b0a1dc1cf6a9ea73dce2c6cdd5e47942edcd6f
- SHA512
  
  0bd337f72f1b309e0f477f15d248e793be80cb14fa39f142362bb2a18043d41179d362e8801dcb997b65282ef892d07a606f5dfe3f701999379da5a1b527e545
Score

10^/10

rms rat trojan evasion upx
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Stops running service(s)
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Impair Defenses

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy