rms | 5ca050af396a615d9f342b12ad4cb5ca1413b8ae8687bfd8f80bf83a859479bb | Triage

Submit
Reports

Overview

overview

Static

static

5

5ca050af39...bb.exe

windows7-x64

5ca050af39...bb.exe

windows10-2004-x64

Sharing

General

Target

5ca050af396a615d9f342b12ad4cb5ca1413b8ae8687bfd8f80bf83a859479bb
Size

13.8MB
Sample

220801-ghrmvsddhp
MD5

7092d2964964ec02188ecf9f07aefc88
SHA1

e87994b619b5139e20b14db2a8b2d0a41e36a6e2
SHA256

5ca050af396a615d9f342b12ad4cb5ca1413b8ae8687bfd8f80bf83a859479bb
SHA512

6da77c955071b7f1a430ce4f559ee655658fdd1392c9136a9359a62e6270d0b1f2bfe616173911ae0cdb331200fa204dce63c5df16db08b6e03a41f9c3215a6c

Score

10^/10

rms aspackv2 evasion rat trojan upx vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5ca050af396a615d9f342b12ad4cb5ca1413b8ae8687bfd8f80bf83a859479bb.exe

Resource

win7-20220715-en

rms aspackv2 evasion rat trojan upx vmprotect

windows7-x64

28 signatures

150 seconds

Behavioral task

behavioral2

Sample

5ca050af396a615d9f342b12ad4cb5ca1413b8ae8687bfd8f80bf83a859479bb.exe

Resource

win10v2004-20220721-en

rms aspackv2 evasion rat trojan upx vmprotect

windows10-2004-x64

26 signatures

150 seconds

Malware Config

Targets

- Target
  
  5ca050af396a615d9f342b12ad4cb5ca1413b8ae8687bfd8f80bf83a859479bb
- Size
  
  13.8MB
- MD5
  
  7092d2964964ec02188ecf9f07aefc88
- SHA1
  
  e87994b619b5139e20b14db2a8b2d0a41e36a6e2
- SHA256
  
  5ca050af396a615d9f342b12ad4cb5ca1413b8ae8687bfd8f80bf83a859479bb
- SHA512
  
  6da77c955071b7f1a430ce4f559ee655658fdd1392c9136a9359a62e6270d0b1f2bfe616173911ae0cdb331200fa204dce63c5df16db08b6e03a41f9c3215a6c
Score

10^/10

rms aspackv2 evasion rat trojan upx vmprotect
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Account Manipulation

Hidden Files and Directories

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Install Root Certificate

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

rmsaspackv2evasionrattrojanupxvmprotect

behavioral2

rmsaspackv2evasionrattrojanupxvmprotect

© 2018-2024

Terms | Privacy