rms | 4e2d15b97cde8f1d4a479e4baa8d6cf0101be41761be5eb9aa493235cf21f471 | Triage

Submit
Reports

Overview

overview

Static

static

4e2d15b97c...71.exe

windows7-x64

4e2d15b97c...71.exe

windows10-2004-x64

8

Sharing

General

Target

4e2d15b97cde8f1d4a479e4baa8d6cf0101be41761be5eb9aa493235cf21f471
Size

1.6MB
Sample

221122-akac2acf38
MD5

8c9ee3bfbe51d974f7803fa5befb8ee9
SHA1

8102be0780e16aa9ccc6a219c94b7fe2f1b60aac
SHA256

4e2d15b97cde8f1d4a479e4baa8d6cf0101be41761be5eb9aa493235cf21f471
SHA512

a552ea7f72223163c0ea338a1d4d69e961d4a68204cea0b89e580d2d155627b2f9a566ce0c65c0c6641b42253b225f9a24ac005f29671b8e7c39cf9dfe00201f
SSDEEP

24576:GD3aW204oHwEbVO8GI9nx8ZTDHrN/Sg6N5UYoIcvCNmplQYSm326:GDuCdhO8hnxqTDHR/h6V/tETQem6

Score

10^/10

rms evasion rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

4e2d15b97cde8f1d4a479e4baa8d6cf0101be41761be5eb9aa493235cf21f471.exe

Resource

win7-20221111-en

rms evasion rat trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

4e2d15b97cde8f1d4a479e4baa8d6cf0101be41761be5eb9aa493235cf21f471.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  4e2d15b97cde8f1d4a479e4baa8d6cf0101be41761be5eb9aa493235cf21f471
- Size
  
  1.6MB
- MD5
  
  8c9ee3bfbe51d974f7803fa5befb8ee9
- SHA1
  
  8102be0780e16aa9ccc6a219c94b7fe2f1b60aac
- SHA256
  
  4e2d15b97cde8f1d4a479e4baa8d6cf0101be41761be5eb9aa493235cf21f471
- SHA512
  
  a552ea7f72223163c0ea338a1d4d69e961d4a68204cea0b89e580d2d155627b2f9a566ce0c65c0c6641b42253b225f9a24ac005f29671b8e7c39cf9dfe00201f
- SSDEEP
  
  24576:GD3aW204oHwEbVO8GI9nx8ZTDHrN/Sg6N5UYoIcvCNmplQYSm326:GDuCdhO8hnxqTDHR/h6V/tETQem6
Score

10^/10

rms evasion rat trojan upx
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

rmsevasionrattrojanupx

behavioral2

© 2018-2024

Terms | Privacy