rms | 372b18086703b41341808ccbf0be39c92096c8b6da75d1d471b1ebe995f7ab85 | Triage

Submit
Reports

Overview

overview

Static

static

372b180867...85.exe

windows7-x64

372b180867...85.exe

windows10-2004-x64

Sharing

General

Target

372b18086703b41341808ccbf0be39c92096c8b6da75d1d471b1ebe995f7ab85
Size

3.5MB
Sample

221029-rdms8aaad6
MD5

24629ece9cd7382f51684c7eedef355d
SHA1

48431b63b6abf79d05bc729bfb61852e119c1714
SHA256

372b18086703b41341808ccbf0be39c92096c8b6da75d1d471b1ebe995f7ab85
SHA512

7794f7ca424e856fcc12e7a08bd93e444d591a09200010caf85d2bf1be097258e0a2aa47d1f3d2e831c2e23c989c6ee10ff9f4bce4f191648a7fe76037bed3ba
SSDEEP

49152:1bSO/Zb2GmSUMrVYrrNheDzuKGTsztBsapHQLTSjNQeb35pnoQcSlsKUF+ikZ:EuZK8f+vNOmT0psSpppUKUg9Z

Score

10^/10

rms evasion rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

372b18086703b41341808ccbf0be39c92096c8b6da75d1d471b1ebe995f7ab85.exe

Resource

win7-20220812-en

rms evasion rat trojan upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

372b18086703b41341808ccbf0be39c92096c8b6da75d1d471b1ebe995f7ab85.exe

Resource

win10v2004-20220812-en

rms evasion rat trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  372b18086703b41341808ccbf0be39c92096c8b6da75d1d471b1ebe995f7ab85
- Size
  
  3.5MB
- MD5
  
  24629ece9cd7382f51684c7eedef355d
- SHA1
  
  48431b63b6abf79d05bc729bfb61852e119c1714
- SHA256
  
  372b18086703b41341808ccbf0be39c92096c8b6da75d1d471b1ebe995f7ab85
- SHA512
  
  7794f7ca424e856fcc12e7a08bd93e444d591a09200010caf85d2bf1be097258e0a2aa47d1f3d2e831c2e23c989c6ee10ff9f4bce4f191648a7fe76037bed3ba
- SSDEEP
  
  49152:1bSO/Zb2GmSUMrVYrrNheDzuKGTsztBsapHQLTSjNQeb35pnoQcSlsKUF+ikZ:EuZK8f+vNOmT0psSpppUKUg9Z
Score

10^/10

rms evasion rat trojan upx
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Stops running service(s)
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Impair Defenses

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

rmsevasionrattrojanupx

behavioral2

rmsevasionrattrojanupx

© 2018-2024

Terms | Privacy