rms | fb2c0262656d101b084eecc059653b938081a6a812197d2c6c8f7582f946c3e3 | Triage

Submit
Reports

Overview

overview

Static

static

fb2c026265...e3.exe

windows7-x64

fb2c026265...e3.exe

windows10-2004-x64

Sharing

General

Target

fb2c0262656d101b084eecc059653b938081a6a812197d2c6c8f7582f946c3e3
Size

7.3MB
Sample

221003-3mpjysceb4
MD5

6b6702acef95453426afa2f1d2520bb2
SHA1

47293a57769289aa4070f04f22f7d9fcc77c9682
SHA256

fb2c0262656d101b084eecc059653b938081a6a812197d2c6c8f7582f946c3e3
SHA512

e93652d097c7cb45c46acb5926cf59ad87741ee9a795c4294d4bbed43827aecde27e34520102da717073d4a197b6c5d4addd581ee2ae7c4020f5415cb93f9c5c
SSDEEP

196608:W15XKNCDOtv1BCkrxlpJ8EAnOsjnkrciwzSQ2Y:WrXov6sxDiEAOsjo2X2Y

Score

10^/10

rms persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

fb2c0262656d101b084eecc059653b938081a6a812197d2c6c8f7582f946c3e3.exe

Resource

win7-20220812-en

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

fb2c0262656d101b084eecc059653b938081a6a812197d2c6c8f7582f946c3e3.exe

Resource

win10v2004-20220812-en

rms persistence rat trojan

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  fb2c0262656d101b084eecc059653b938081a6a812197d2c6c8f7582f946c3e3
- Size
  
  7.3MB
- MD5
  
  6b6702acef95453426afa2f1d2520bb2
- SHA1
  
  47293a57769289aa4070f04f22f7d9fcc77c9682
- SHA256
  
  fb2c0262656d101b084eecc059653b938081a6a812197d2c6c8f7582f946c3e3
- SHA512
  
  e93652d097c7cb45c46acb5926cf59ad87741ee9a795c4294d4bbed43827aecde27e34520102da717073d4a197b6c5d4addd581ee2ae7c4020f5415cb93f9c5c
- SSDEEP
  
  196608:W15XKNCDOtv1BCkrxlpJ8EAnOsjnkrciwzSQ2Y:WrXov6sxDiEAOsjo2X2Y
Score

10^/10

rms rat trojan persistence
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Blocklisted process makes network request
- Executes dropped EXE
- Registers new Print Monitor
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

rmspersistencerattrojan

© 2018-2024

Terms | Privacy