rms | cb3a4e1b980e21596c8d39c4f8babc1a225f57e918f1acd750a3e1c713873aa8 | Triage

Submit
Reports

Overview

overview

Static

static

cb3a4e1b98...a8.exe

windows7-x64

cb3a4e1b98...a8.exe

windows10-2004-x64

Sharing

General

Target

cb3a4e1b980e21596c8d39c4f8babc1a225f57e918f1acd750a3e1c713873aa8
Size

3.3MB
Sample

221127-fdk4vaaf46
MD5

3034a42900fbface754e83567cb1e8b8
SHA1

6538da3b999db0894615130fd300a4f2c225c108
SHA256

cb3a4e1b980e21596c8d39c4f8babc1a225f57e918f1acd750a3e1c713873aa8
SHA512

28bc6dd4d9893afe881b0dd456fb361aa3b151e2f3330432a96cf7ae77c429b6d2ff7a503f62ce71a6e0d247f42aa94b36fd1f8f125548226ed5355a8ca60330
SSDEEP

98304:GsTpLAuoFngsWRfajfdJf+S8kvah7iy7cYiwOBpIeWH:GsTp8uoF7fdJmRkyh7iehi1zwH

Score

10^/10

rms evasion rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

cb3a4e1b980e21596c8d39c4f8babc1a225f57e918f1acd750a3e1c713873aa8.exe

Resource

win7-20220812-en

rms evasion rat trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

cb3a4e1b980e21596c8d39c4f8babc1a225f57e918f1acd750a3e1c713873aa8.exe

Resource

win10v2004-20220812-en

rms evasion rat trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  cb3a4e1b980e21596c8d39c4f8babc1a225f57e918f1acd750a3e1c713873aa8
- Size
  
  3.3MB
- MD5
  
  3034a42900fbface754e83567cb1e8b8
- SHA1
  
  6538da3b999db0894615130fd300a4f2c225c108
- SHA256
  
  cb3a4e1b980e21596c8d39c4f8babc1a225f57e918f1acd750a3e1c713873aa8
- SHA512
  
  28bc6dd4d9893afe881b0dd456fb361aa3b151e2f3330432a96cf7ae77c429b6d2ff7a503f62ce71a6e0d247f42aa94b36fd1f8f125548226ed5355a8ca60330
- SSDEEP
  
  98304:GsTpLAuoFngsWRfajfdJf+S8kvah7iy7cYiwOBpIeWH:GsTp8uoF7fdJmRkyh7iehi1zwH
Score

10^/10

rms evasion rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Impair Defenses

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

rmsevasionrattrojan

behavioral2

rmsevasionrattrojan

© 2018-2024

Terms | Privacy