rms | 87dd4579bbd6ec0a0441297e0c136683bf3a504b0174d5461bad0234c775dd7c | Triage

Submit
Reports

Overview

overview

Static

static

87dd4579bb...7c.exe

windows7-x64

87dd4579bb...7c.exe

windows10-2004-x64

3

Sharing

General

Target

87dd4579bbd6ec0a0441297e0c136683bf3a504b0174d5461bad0234c775dd7c
Size

3.6MB
Sample

221126-n9f4rscb76
MD5

3d4eb406223fee2aeb47b7c90dbe5393
SHA1

2eaba78625f916a996f89abac4b5747f8fa45a69
SHA256

87dd4579bbd6ec0a0441297e0c136683bf3a504b0174d5461bad0234c775dd7c
SHA512

99edf6a3997f8144e4710398aea9a32d7cbaac54c8fc1af0633b7aa237bd75e11b452d1abcb2d9eb622de8be3697770ddd4dbb6610a0837328d1f1326e4d95f9
SSDEEP

98304:g8xy8Uico/KSaxViUcVulKgNUq03aG25Zw:g8xyKPOV1QmUqx3

Score

10^/10

rms evasion rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

87dd4579bbd6ec0a0441297e0c136683bf3a504b0174d5461bad0234c775dd7c.exe

Resource

win7-20220812-en

rms evasion rat trojan upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

87dd4579bbd6ec0a0441297e0c136683bf3a504b0174d5461bad0234c775dd7c.exe

Resource

win10v2004-20220901-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  87dd4579bbd6ec0a0441297e0c136683bf3a504b0174d5461bad0234c775dd7c
- Size
  
  3.6MB
- MD5
  
  3d4eb406223fee2aeb47b7c90dbe5393
- SHA1
  
  2eaba78625f916a996f89abac4b5747f8fa45a69
- SHA256
  
  87dd4579bbd6ec0a0441297e0c136683bf3a504b0174d5461bad0234c775dd7c
- SHA512
  
  99edf6a3997f8144e4710398aea9a32d7cbaac54c8fc1af0633b7aa237bd75e11b452d1abcb2d9eb622de8be3697770ddd4dbb6610a0837328d1f1326e4d95f9
- SSDEEP
  
  98304:g8xy8Uico/KSaxViUcVulKgNUq03aG25Zw:g8xyKPOV1QmUqx3
Score

10^/10

rms evasion rat trojan upx
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Stops running service(s)
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Impair Defenses

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

rmsevasionrattrojanupx

behavioral2

© 2018-2024

Terms | Privacy