rms | fb5b2c339496d3c8ba00f1cec7ec98e0f78c07d69f77356de580063faf05a220 | Triage

Submit
Reports

Overview

overview

Static

static

8

fb5b2c3394...20.exe

windows7-x64

fb5b2c3394...20.exe

windows10-2004-x64

Sharing

General

Target

fb5b2c339496d3c8ba00f1cec7ec98e0f78c07d69f77356de580063faf05a220
Size

3.4MB
Sample

221126-vk6fpadc7w
MD5

474ce1d3f2e93c061262a0a647d90103
SHA1

805c410a9535795889225d7be3c682717ef42c22
SHA256

fb5b2c339496d3c8ba00f1cec7ec98e0f78c07d69f77356de580063faf05a220
SHA512

ff752509dfd449e9c93ae4fb095f3de7f38c10ab67f253d75b8f89715f1234810612baeaaa4b2991772f2cd8b39041852d116a286d5f306816f186a20216a27e
SSDEEP

98304:hwwviscLk1E6jnlvyqHaz5i0bqXWmS2u7PI7:hGscLkqMlvyq6oXUr7

Score

10^/10

rms evasion rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fb5b2c339496d3c8ba00f1cec7ec98e0f78c07d69f77356de580063faf05a220.exe

Resource

win7-20221111-en

rms evasion rat trojan upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

fb5b2c339496d3c8ba00f1cec7ec98e0f78c07d69f77356de580063faf05a220.exe

Resource

win10v2004-20221111-en

rms evasion rat trojan upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  fb5b2c339496d3c8ba00f1cec7ec98e0f78c07d69f77356de580063faf05a220
- Size
  
  3.4MB
- MD5
  
  474ce1d3f2e93c061262a0a647d90103
- SHA1
  
  805c410a9535795889225d7be3c682717ef42c22
- SHA256
  
  fb5b2c339496d3c8ba00f1cec7ec98e0f78c07d69f77356de580063faf05a220
- SHA512
  
  ff752509dfd449e9c93ae4fb095f3de7f38c10ab67f253d75b8f89715f1234810612baeaaa4b2991772f2cd8b39041852d116a286d5f306816f186a20216a27e
- SSDEEP
  
  98304:hwwviscLk1E6jnlvyqHaz5i0bqXWmS2u7PI7:hGscLkqMlvyq6oXUr7
Score

10^/10

rms evasion rat trojan upx
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Stops running service(s)
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Impair Defenses

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

rmsevasionrattrojanupx

behavioral2

rmsevasionrattrojanupx

© 2018-2024

Terms | Privacy