rms | c650d3c4996f85b5149f5160fc48855e91184b9906ca5436c7db1daf6bd5649e | Triage

Submit
Reports

Overview

overview

Static

static

c650d3c499...9e.exe

windows7-x64

c650d3c499...9e.exe

windows10-2004-x64

Sharing

General

Target

c650d3c4996f85b5149f5160fc48855e91184b9906ca5436c7db1daf6bd5649e
Size

4.2MB
Sample

221124-pcr1facf72
MD5

e3840926ecd0a127933545a34308e154
SHA1

5a92233eef65c27de9920b0b448de6ac6983778d
SHA256

c650d3c4996f85b5149f5160fc48855e91184b9906ca5436c7db1daf6bd5649e
SHA512

9b3bb3306c56ca490601f78445dcd8dbf6437f42bab67cc93d6baa6e81e33fddbd4da6f5e26aaf60f43d40a83aa9a700521f35e09504a82db90fd78ffefa3a2e
SSDEEP

98304:RpZb+Ma7ksZGweOjnvbE7WSW1xTAvpB+VK5/FoUS96:Bb+CurBjjE7WSWe+VKvpS96

Score

10^/10

rms evasion rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

c650d3c4996f85b5149f5160fc48855e91184b9906ca5436c7db1daf6bd5649e.exe

Resource

win7-20220901-en

rms evasion rat trojan upx

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

c650d3c4996f85b5149f5160fc48855e91184b9906ca5436c7db1daf6bd5649e.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  c650d3c4996f85b5149f5160fc48855e91184b9906ca5436c7db1daf6bd5649e
- Size
  
  4.2MB
- MD5
  
  e3840926ecd0a127933545a34308e154
- SHA1
  
  5a92233eef65c27de9920b0b448de6ac6983778d
- SHA256
  
  c650d3c4996f85b5149f5160fc48855e91184b9906ca5436c7db1daf6bd5649e
- SHA512
  
  9b3bb3306c56ca490601f78445dcd8dbf6437f42bab67cc93d6baa6e81e33fddbd4da6f5e26aaf60f43d40a83aa9a700521f35e09504a82db90fd78ffefa3a2e
- SSDEEP
  
  98304:RpZb+Ma7ksZGweOjnvbE7WSW1xTAvpB+VK5/FoUS96:Bb+CurBjjE7WSWe+VKvpS96
Score

10^/10

rms evasion rat trojan upx
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

System Information Discovery

Process Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

rmsevasionrattrojanupx

behavioral2

© 2018-2024

Terms | Privacy