rms | 39c629890b83c16730a8f14dcda8433af706d16321c2b690ee31ea3a51a81c30 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

39c629890b...30.exe

windows7_x64

39c629890b...30.exe

windows10-2004_x64

Sharing

General

Target

39c629890b83c16730a8f14dcda8433af706d16321c2b690ee31ea3a51a81c30
Size

6.9MB
Sample

220625-ke6jdsdbbm
MD5

9e2ebebe5395613570f74fbb81fee5ab
SHA1

57d18968757efe10c0a87bba5cc55797653bb352
SHA256

39c629890b83c16730a8f14dcda8433af706d16321c2b690ee31ea3a51a81c30
SHA512

cb1101a1e978330666099b8b8ececd72fecd9163a15f544c509522bd36be11adf54a8514d37dc306d78a105d4e79b11132b8fc3c35d32187ab55f4ea18e1b580

Score

10^/10

rms aspackv2 rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

39c629890b83c16730a8f14dcda8433af706d16321c2b690ee31ea3a51a81c30.exe

Resource

win7-20220414-en

rms aspackv2 rat trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

39c629890b83c16730a8f14dcda8433af706d16321c2b690ee31ea3a51a81c30.exe

Resource

win10v2004-20220414-en

rms aspackv2 rat trojan upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  39c629890b83c16730a8f14dcda8433af706d16321c2b690ee31ea3a51a81c30
- Size
  
  6.9MB
- MD5
  
  9e2ebebe5395613570f74fbb81fee5ab
- SHA1
  
  57d18968757efe10c0a87bba5cc55797653bb352
- SHA256
  
  39c629890b83c16730a8f14dcda8433af706d16321c2b690ee31ea3a51a81c30
- SHA512
  
  cb1101a1e978330666099b8b8ececd72fecd9163a15f544c509522bd36be11adf54a8514d37dc306d78a105d4e79b11132b8fc3c35d32187ab55f4ea18e1b580
Score

10^/10

rms aspackv2 rat trojan upx
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsaspackv2rattrojanupx

behavioral2

rmsaspackv2rattrojanupx

© 2018-2025

Terms | Privacy