rms | bd2e4660c59996e3536f9e2fa39b26709b6a6e72108f653e3c4a9dda00b01c05 | Triage

Submit
Reports

Overview

overview

Static

static

bd2e4660c5...05.exe

windows7-x64

bd2e4660c5...05.exe

windows10-2004-x64

Sharing

General

Target

bd2e4660c59996e3536f9e2fa39b26709b6a6e72108f653e3c4a9dda00b01c05
Size

5.4MB
Sample

221120-enqlmsfb42
MD5

50005c220db8ad28b779d9732597ab22
SHA1

4160930ff625237897e1d7195ef4d9780376985f
SHA256

bd2e4660c59996e3536f9e2fa39b26709b6a6e72108f653e3c4a9dda00b01c05
SHA512

ba7782630eadbd51b825e06ec476deaa7f27ab06adb9e077b175820f18ba1ac640d716831840e18460c68735ddb0dccbd43bd325c283faa4fa926558f7086a8e
SSDEEP

98304:n3/zlJ46EGhmo1clCqM9e8o5729oPJAxaXSBDt02pPd0iysCy8N7rvlqa6FSB:n3LlJNd6s8lP2x6SHl9CySf9qa6SB

Score

10^/10

rms rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

bd2e4660c59996e3536f9e2fa39b26709b6a6e72108f653e3c4a9dda00b01c05.exe

Resource

win7-20221111-en

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

bd2e4660c59996e3536f9e2fa39b26709b6a6e72108f653e3c4a9dda00b01c05.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  bd2e4660c59996e3536f9e2fa39b26709b6a6e72108f653e3c4a9dda00b01c05
- Size
  
  5.4MB
- MD5
  
  50005c220db8ad28b779d9732597ab22
- SHA1
  
  4160930ff625237897e1d7195ef4d9780376985f
- SHA256
  
  bd2e4660c59996e3536f9e2fa39b26709b6a6e72108f653e3c4a9dda00b01c05
- SHA512
  
  ba7782630eadbd51b825e06ec476deaa7f27ab06adb9e077b175820f18ba1ac640d716831840e18460c68735ddb0dccbd43bd325c283faa4fa926558f7086a8e
- SSDEEP
  
  98304:n3/zlJ46EGhmo1clCqM9e8o5729oPJAxaXSBDt02pPd0iysCy8N7rvlqa6FSB:n3LlJNd6s8lP2x6SHl9CySf9qa6SB
Score

10^/10

rms rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy