rms | 3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f | Triage

Submit
Reports

Overview

overview

Static

static

3c2c66b88b...3f.exe

windows7_x64

3c2c66b88b...3f.exe

windows10-2004_x64

Sharing

General

Target

3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f
Size

4.8MB
Sample

220703-j9wr1abhak
MD5

aa631cb4aa034b7ab6898b238fd14afe
SHA1

2b3aab346fa40df68e3ccd7bd50d7fb1c0ac4c14
SHA256

3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f
SHA512

2205a82bd3e3d2438d5f78432eba0d9bc7fe281307594e41a14e8a514ce26242762207374c8591238d1d67c7fe6625cb6fc18b6b40cf36be8be9ca01cba077b0

Score

10^/10

rms evasion rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f.exe

Resource

win7-20220414-en

rms evasion rat trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f.exe

Resource

win10v2004-20220414-en

rms evasion rat trojan upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f
- Size
  
  4.8MB
- MD5
  
  aa631cb4aa034b7ab6898b238fd14afe
- SHA1
  
  2b3aab346fa40df68e3ccd7bd50d7fb1c0ac4c14
- SHA256
  
  3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f
- SHA512
  
  2205a82bd3e3d2438d5f78432eba0d9bc7fe281307594e41a14e8a514ce26242762207374c8591238d1d67c7fe6625cb6fc18b6b40cf36be8be9ca01cba077b0
Score

10^/10

rms evasion rat trojan upx
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Stops running service(s)
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Impair Defenses

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

rmsevasionrattrojanupx

behavioral2

rmsevasionrattrojanupx

© 2018-2025

Terms | Privacy