rms | 6101b6a6a8b1ce2440646f642bea8d5a5cc8309090d61fbe465ee51b10c8af06 | Triage

Submit
Reports

Overview

overview

Static

static

1

6101b6a6a8...06.exe

windows7-x64

6101b6a6a8...06.exe

windows10-2004-x64

Sharing

General

Target

6101b6a6a8b1ce2440646f642bea8d5a5cc8309090d61fbe465ee51b10c8af06
Size

4.2MB
Sample

221123-vk4bbscb9z
MD5

d41139cc7547152f6f15e01ba4673c13
SHA1

0ab60c74a67bd45ca9b6f7b475cc08261a794faf
SHA256

6101b6a6a8b1ce2440646f642bea8d5a5cc8309090d61fbe465ee51b10c8af06
SHA512

673712b4109cd985394b2443296849be5c2f744a3c6e3caf1b3030bb2b2ec7748b015b9306d5cfecf544006981804d856d1ce5d927a39add95b91b0b0473dfd1
SSDEEP

98304:9Nio6GYhlGYi2gK6RqqNUHw4uIolk/3QIDpGYXV4cVYe:Di5hjGagTR34ilkPQ2AYXnWe

Score

10^/10

rms persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6101b6a6a8b1ce2440646f642bea8d5a5cc8309090d61fbe465ee51b10c8af06.exe

Resource

win7-20220901-en

rms persistence rat trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

6101b6a6a8b1ce2440646f642bea8d5a5cc8309090d61fbe465ee51b10c8af06.exe

Resource

win10v2004-20220812-en

rms persistence rat trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  6101b6a6a8b1ce2440646f642bea8d5a5cc8309090d61fbe465ee51b10c8af06
- Size
  
  4.2MB
- MD5
  
  d41139cc7547152f6f15e01ba4673c13
- SHA1
  
  0ab60c74a67bd45ca9b6f7b475cc08261a794faf
- SHA256
  
  6101b6a6a8b1ce2440646f642bea8d5a5cc8309090d61fbe465ee51b10c8af06
- SHA512
  
  673712b4109cd985394b2443296849be5c2f744a3c6e3caf1b3030bb2b2ec7748b015b9306d5cfecf544006981804d856d1ce5d927a39add95b91b0b0473dfd1
- SSDEEP
  
  98304:9Nio6GYhlGYi2gK6RqqNUHw4uIolk/3QIDpGYXV4cVYe:Di5hjGagTR34ilkPQ2AYXnWe
Score

10^/10

rms persistence rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmspersistencerattrojan

behavioral2

rmspersistencerattrojan

© 2018-2024

Terms | Privacy