rms | 3d5a13dea83c760966a300e15bdde47920600ff6a5cbe8eaf6aaf4a25679f4a3 | Triage

Submit
Reports

Overview

overview

Static

static

3d5a13dea8...a3.exe

windows7-x64

3d5a13dea8...a3.exe

windows10-2004-x64

Sharing

General

Target

3d5a13dea83c760966a300e15bdde47920600ff6a5cbe8eaf6aaf4a25679f4a3
Size

2.8MB
Sample

221124-pr8xhagg6s
MD5

9f8c4acc5a1b56b472d693b14a18ce10
SHA1

80361275f2d655895e6939f5a5ce4b7b40221a0c
SHA256

3d5a13dea83c760966a300e15bdde47920600ff6a5cbe8eaf6aaf4a25679f4a3
SHA512

b530e40e77c0d28370f5470c3b4c5587e39f7cc130177086bc36daa46faf6eeb74966e7b6ac103a833ada60c0d8df1d09916196c5d5204b01a9030ab8a6faf3c
SSDEEP

49152:QAJYxdPGHh9DdPAKcbOsFLMG3WazYYEW+lquVf8SwgmXH7Sb7rzDEjSmJ:7JYb0h0KcbLFLMbasYsGxHAjIjj

Score

10^/10

rms evasion rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

3d5a13dea83c760966a300e15bdde47920600ff6a5cbe8eaf6aaf4a25679f4a3.exe

Resource

win7-20220901-en

rms evasion rat trojan upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

3d5a13dea83c760966a300e15bdde47920600ff6a5cbe8eaf6aaf4a25679f4a3.exe

Resource

win10v2004-20221111-en

rms evasion rat trojan upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  3d5a13dea83c760966a300e15bdde47920600ff6a5cbe8eaf6aaf4a25679f4a3
- Size
  
  2.8MB
- MD5
  
  9f8c4acc5a1b56b472d693b14a18ce10
- SHA1
  
  80361275f2d655895e6939f5a5ce4b7b40221a0c
- SHA256
  
  3d5a13dea83c760966a300e15bdde47920600ff6a5cbe8eaf6aaf4a25679f4a3
- SHA512
  
  b530e40e77c0d28370f5470c3b4c5587e39f7cc130177086bc36daa46faf6eeb74966e7b6ac103a833ada60c0d8df1d09916196c5d5204b01a9030ab8a6faf3c
- SSDEEP
  
  49152:QAJYxdPGHh9DdPAKcbOsFLMG3WazYYEW+lquVf8SwgmXH7Sb7rzDEjSmJ:7JYb0h0KcbLFLMbasYsGxHAjIjj
Score

10^/10

rms evasion rat trojan upx
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Stops running service(s)
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Impair Defenses

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

rmsevasionrattrojanupx

behavioral2

rmsevasionrattrojanupx

© 2018-2024

Terms | Privacy