rms | 3a6b2b890d0f5071191021f4850632a827a5e17f9d72855a65e253d8125e1de8 | Triage

Submit
Reports

Overview

overview

Static

static

3a6b2b890d...e8.exe

windows7-x64

3a6b2b890d...e8.exe

windows10-2004-x64

Sharing

General

Target

3a6b2b890d0f5071191021f4850632a827a5e17f9d72855a65e253d8125e1de8
Size

6.2MB
Sample

221126-p5a8dsdh38
MD5

d72290cd8656ce7ac855e46a5c716019
SHA1

5d25cc2f93479c438b7d1e2470f2d7320f661ccb
SHA256

3a6b2b890d0f5071191021f4850632a827a5e17f9d72855a65e253d8125e1de8
SHA512

edb4777a1499d58219c02ff7f34bf7d30ce5924390ed0fcc773e3552c2091fa38d7439488e294b3246e4985f5c10675bf9231596f73396c855758562aa6d972f
SSDEEP

98304:tWHzMCPRU7pQiHFGZ3aHmkbfkZpsPrcqqrfYL0RZWQnPQRm+SlDGj9uVO6UT+PfL:tozM4a7pzAaHdzkIPw9Y0S6PQRya5AJ

Score

10^/10

rms rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

3a6b2b890d0f5071191021f4850632a827a5e17f9d72855a65e253d8125e1de8.exe

Resource

win7-20220901-en

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

3a6b2b890d0f5071191021f4850632a827a5e17f9d72855a65e253d8125e1de8.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  3a6b2b890d0f5071191021f4850632a827a5e17f9d72855a65e253d8125e1de8
- Size
  
  6.2MB
- MD5
  
  d72290cd8656ce7ac855e46a5c716019
- SHA1
  
  5d25cc2f93479c438b7d1e2470f2d7320f661ccb
- SHA256
  
  3a6b2b890d0f5071191021f4850632a827a5e17f9d72855a65e253d8125e1de8
- SHA512
  
  edb4777a1499d58219c02ff7f34bf7d30ce5924390ed0fcc773e3552c2091fa38d7439488e294b3246e4985f5c10675bf9231596f73396c855758562aa6d972f
- SSDEEP
  
  98304:tWHzMCPRU7pQiHFGZ3aHmkbfkZpsPrcqqrfYL0RZWQnPQRm+SlDGj9uVO6UT+PfL:tozM4a7pzAaHdzkIPw9Y0S6PQRya5AJ
Score

10^/10

rms rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy