rms | 9fdba08694aea10922189db66f2eff21fab0ffaf2fedbbcec40399b259991c27 | Triage

Submit
Reports

Overview

overview

Static

static

9fdba08694...27.exe

windows7-x64

9fdba08694...27.exe

windows10-2004-x64

Sharing

General

Target

9fdba08694aea10922189db66f2eff21fab0ffaf2fedbbcec40399b259991c27
Size

5.9MB
Sample

220919-cg3lhsbgh2
MD5

85e0f6d15deeb0bc9b7dd44167f135b8
SHA1

5b38444c9d7699a50ea4cc2ee4180d2078be28c1
SHA256

9fdba08694aea10922189db66f2eff21fab0ffaf2fedbbcec40399b259991c27
SHA512

81be94fc94ac861e154035f156486428d28ac1abc2d90ad928cbd5c7a47744c68ac9fdcc4acd945815acc84945a19b928efb6cd0d8a5ca28de8d9cb16f10961a
SSDEEP

98304:AjezE52AV4MSypEMDbhQt0lCh8TsYgj72KlH3iq71MKPm+N1CaVr92/3xf0hMZ:AS9AqMpEim0lCh8TUzl77+Ym0bQ/3G6Z

Score

10^/10

rms evasion rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

9fdba08694aea10922189db66f2eff21fab0ffaf2fedbbcec40399b259991c27.exe

Resource

win7-20220812-en

rms evasion rat trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

9fdba08694aea10922189db66f2eff21fab0ffaf2fedbbcec40399b259991c27.exe

Resource

win10v2004-20220812-en

rms evasion rat trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  9fdba08694aea10922189db66f2eff21fab0ffaf2fedbbcec40399b259991c27
- Size
  
  5.9MB
- MD5
  
  85e0f6d15deeb0bc9b7dd44167f135b8
- SHA1
  
  5b38444c9d7699a50ea4cc2ee4180d2078be28c1
- SHA256
  
  9fdba08694aea10922189db66f2eff21fab0ffaf2fedbbcec40399b259991c27
- SHA512
  
  81be94fc94ac861e154035f156486428d28ac1abc2d90ad928cbd5c7a47744c68ac9fdcc4acd945815acc84945a19b928efb6cd0d8a5ca28de8d9cb16f10961a
- SSDEEP
  
  98304:AjezE52AV4MSypEMDbhQt0lCh8TsYgj72KlH3iq71MKPm+N1CaVr92/3xf0hMZ:AS9AqMpEim0lCh8TUzl77+Ym0bQ/3G6Z
Score

10^/10

rms evasion rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

rmsevasionrattrojan

behavioral2

rmsevasionrattrojan

© 2018-2024

Terms | Privacy