rms | 8902ffe6842a29cccb22a4c271a54e40817d5e1101cdba0b003478be7c29289b | Triage

Submit
Reports

Overview

overview

Static

static

1

8902ffe684...9b.exe

windows7-x64

8902ffe684...9b.exe

windows10-2004-x64

Sharing

General

Target

8902ffe6842a29cccb22a4c271a54e40817d5e1101cdba0b003478be7c29289b
Size

4.2MB
Sample

221124-2mgzfadf62
MD5

083979f7aca2927d0cb60ba7073ec034
SHA1

9ee485389b636b7d7996ff8e3ae14bf82119a7c8
SHA256

8902ffe6842a29cccb22a4c271a54e40817d5e1101cdba0b003478be7c29289b
SHA512

6c2ac963d906bbae829a6af3a2530cd3824e7253d4653831af7456405d10986879fcac0532a875db17d7c943f05a366b060bf2d566ee30233b7ad6a3c0584c8b
SSDEEP

98304:SNio6GYhlGYi2gK6RqqNUHw4uIolk/3QIDpGYXV4cVYU:0i5hjGagTR34ilkPQ2AYXnWU

Score

10^/10

rms persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8902ffe6842a29cccb22a4c271a54e40817d5e1101cdba0b003478be7c29289b.exe

Resource

win7-20220812-en

rms persistence rat trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

8902ffe6842a29cccb22a4c271a54e40817d5e1101cdba0b003478be7c29289b.exe

Resource

win10v2004-20221111-en

rms persistence rat trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  8902ffe6842a29cccb22a4c271a54e40817d5e1101cdba0b003478be7c29289b
- Size
  
  4.2MB
- MD5
  
  083979f7aca2927d0cb60ba7073ec034
- SHA1
  
  9ee485389b636b7d7996ff8e3ae14bf82119a7c8
- SHA256
  
  8902ffe6842a29cccb22a4c271a54e40817d5e1101cdba0b003478be7c29289b
- SHA512
  
  6c2ac963d906bbae829a6af3a2530cd3824e7253d4653831af7456405d10986879fcac0532a875db17d7c943f05a366b060bf2d566ee30233b7ad6a3c0584c8b
- SSDEEP
  
  98304:SNio6GYhlGYi2gK6RqqNUHw4uIolk/3QIDpGYXV4cVYU:0i5hjGagTR34ilkPQ2AYXnWU
Score

10^/10

rms persistence rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmspersistencerattrojan

behavioral2

rmspersistencerattrojan

© 2018-2025

Terms | Privacy