rms | b9c65893800d1c04fb13078fd3fc2bd0e7cd1fb0eac9b6bfbc9bba15ff9f32f7 | Triage

Submit
Reports

Overview

overview

Static

static

b9c6589380...f7.exe

windows7-x64

b9c6589380...f7.exe

windows10-2004-x64

Sharing

General

Target

b9c65893800d1c04fb13078fd3fc2bd0e7cd1fb0eac9b6bfbc9bba15ff9f32f7
Size

6.4MB
Sample

221127-kwsc4ahe6x
MD5

eaa15cfa6df1f8ff32d5fa6024922d6f
SHA1

d8f2fc4ec0bcd3f3a4b7ea644b5214fa8dd7f42e
SHA256

b9c65893800d1c04fb13078fd3fc2bd0e7cd1fb0eac9b6bfbc9bba15ff9f32f7
SHA512

86a3c617eded125e2f437245e585452374077916d3d2b552a033331e0fc16e99ac59ee370fb4c15d37e948119a2573a98a1fa184909794cc47d525aad03c0ba7
SSDEEP

196608:NM7/ZBDE9DfH2yVpFofWqPmWInEZyxoTL2s6kL:NmW9DuyVpFoPZyxoHIa

Score

10^/10

rms discovery rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

b9c65893800d1c04fb13078fd3fc2bd0e7cd1fb0eac9b6bfbc9bba15ff9f32f7.exe

Resource

win7-20220812-en

rms discovery rat trojan

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

b9c65893800d1c04fb13078fd3fc2bd0e7cd1fb0eac9b6bfbc9bba15ff9f32f7.exe

Resource

win10v2004-20220812-en

rms discovery rat trojan

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  b9c65893800d1c04fb13078fd3fc2bd0e7cd1fb0eac9b6bfbc9bba15ff9f32f7
- Size
  
  6.4MB
- MD5
  
  eaa15cfa6df1f8ff32d5fa6024922d6f
- SHA1
  
  d8f2fc4ec0bcd3f3a4b7ea644b5214fa8dd7f42e
- SHA256
  
  b9c65893800d1c04fb13078fd3fc2bd0e7cd1fb0eac9b6bfbc9bba15ff9f32f7
- SHA512
  
  86a3c617eded125e2f437245e585452374077916d3d2b552a033331e0fc16e99ac59ee370fb4c15d37e948119a2573a98a1fa184909794cc47d525aad03c0ba7
- SSDEEP
  
  196608:NM7/ZBDE9DfH2yVpFofWqPmWInEZyxoTL2s6kL:NmW9DuyVpFoPZyxoHIa
Score

10^/10

rms discovery rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

rmsdiscoveryrattrojan

behavioral2

rmsdiscoveryrattrojan

© 2018-2024

Terms | Privacy