rms | 3f2e1e8605555887c891dbdd6b19a34327464f43f23a886c38a3ea20150d7c84 | Triage

Submit
Reports

Overview

overview

Static

static

8

3F2E1E8605...A8.exe

windows7-x64

3F2E1E8605...A8.exe

windows10-2004-x64

Sharing

General

Target

3F2E1E8605555887C891DBDD6B19A34327464F43F23A8.exe
Size

16.9MB
Sample

221121-gtqvpseg28
MD5

3a65450749fdcfbd3899d81b737d71aa
SHA1

c255cf28f9d90a549ce7502564fee148ff9f4255
SHA256

3f2e1e8605555887c891dbdd6b19a34327464f43f23a886c38a3ea20150d7c84
SHA512

3c7e4ae2d72ff1423dff023fc2f5a8e4a6ebff0e8a0945fd4335cf090c694b513ccfbc94ca0905dc3b7ed62d21618c64db623f0cd0c64faec744c13f2daaaf29
SSDEEP

393216:l5wMXez8dmAsCjO8RpB4cLO+aPn8jrqwM:zX3m/SO8F/javqrqwM

Score

10^/10

rms rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3F2E1E8605555887C891DBDD6B19A34327464F43F23A8.exe

Resource

win7-20221111-en

rms rat trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

3F2E1E8605555887C891DBDD6B19A34327464F43F23A8.exe

Resource

win10v2004-20220812-en

rms rat trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  3F2E1E8605555887C891DBDD6B19A34327464F43F23A8.exe
- Size
  
  16.9MB
- MD5
  
  3a65450749fdcfbd3899d81b737d71aa
- SHA1
  
  c255cf28f9d90a549ce7502564fee148ff9f4255
- SHA256
  
  3f2e1e8605555887c891dbdd6b19a34327464f43f23a886c38a3ea20150d7c84
- SHA512
  
  3c7e4ae2d72ff1423dff023fc2f5a8e4a6ebff0e8a0945fd4335cf090c694b513ccfbc94ca0905dc3b7ed62d21618c64db623f0cd0c64faec744c13f2daaaf29
- SSDEEP
  
  393216:l5wMXez8dmAsCjO8RpB4cLO+aPn8jrqwM:zX3m/SO8F/javqrqwM
Score

10^/10

rms rat trojan upx
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsrattrojanupx

behavioral2

rmsrattrojanupx

© 2018-2025

Terms | Privacy