rms | 58e4c84fabbc2da147340908ee012ec7bfcf7f609f596ab03a9b6d361893e8b3 | Triage

Submit
Reports

Overview

overview

Static

static

58e4c84fab...b3.exe

windows7_x64

58e4c84fab...b3.exe

windows10-2004_x64

Sharing

General

Target

58e4c84fabbc2da147340908ee012ec7bfcf7f609f596ab03a9b6d361893e8b3
Size

4.0MB
Sample

220625-fxpldafecl
MD5

ba071d7bca387135f0aba163a15b2f71
SHA1

3cb695417d3e774feef94c71ed27fb64222e5f73
SHA256

58e4c84fabbc2da147340908ee012ec7bfcf7f609f596ab03a9b6d361893e8b3
SHA512

6ae234a49d4ac9d145681e891540abaacbf3ca2dd7827d51d0a4756d2f34b47d297c57f9f691f68898b93b91cbc4939a7d062918d59a227f60f5f4007d93efcd

Score

10^/10

rms persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

58e4c84fabbc2da147340908ee012ec7bfcf7f609f596ab03a9b6d361893e8b3.exe

Resource

win7-20220414-en

rms persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

58e4c84fabbc2da147340908ee012ec7bfcf7f609f596ab03a9b6d361893e8b3.exe

Resource

win10v2004-20220414-en

rms persistence rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  58e4c84fabbc2da147340908ee012ec7bfcf7f609f596ab03a9b6d361893e8b3
- Size
  
  4.0MB
- MD5
  
  ba071d7bca387135f0aba163a15b2f71
- SHA1
  
  3cb695417d3e774feef94c71ed27fb64222e5f73
- SHA256
  
  58e4c84fabbc2da147340908ee012ec7bfcf7f609f596ab03a9b6d361893e8b3
- SHA512
  
  6ae234a49d4ac9d145681e891540abaacbf3ca2dd7827d51d0a4756d2f34b47d297c57f9f691f68898b93b91cbc4939a7d062918d59a227f60f5f4007d93efcd
Score

10^/10

rms persistence rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

rmspersistencerattrojan

behavioral2

rmspersistencerattrojan

© 2018-2024

Terms | Privacy