rms | 408d9d2fecc5ef52dc230bc50664cbcab28b97000b22e10c55b3b7cec4fbf34e | Triage

Submit
Reports

Overview

overview

Static

static

408d9d2fec...4e.exe

windows7-x64

408d9d2fec...4e.exe

windows10-2004-x64

Sharing

General

Target

408d9d2fecc5ef52dc230bc50664cbcab28b97000b22e10c55b3b7cec4fbf34e
Size

3.3MB
Sample

221127-sq8f5agd26
MD5

6627f3503fd971c24f274d670b9d6cd7
SHA1

b77b984497b6c3d1d695de6363b1b35d9a4c192e
SHA256

408d9d2fecc5ef52dc230bc50664cbcab28b97000b22e10c55b3b7cec4fbf34e
SHA512

cf9210fa61eb5fec5d8d3bf2ea7e22c1f2d5f54c5f80b71c4146f73a4369a3ea0e5b7489750ff6ec00fee347398d023fb8580c1a4e134932cbd3ff555b9f380a
SSDEEP

98304:VgwRLgSX5ZcttvsdEv9eL4UezmlplRUSJLWpAh:VgOgSX/GW+1SezmXlRDRT

Score

10^/10

rms evasion rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

408d9d2fecc5ef52dc230bc50664cbcab28b97000b22e10c55b3b7cec4fbf34e.exe

Resource

win7-20220901-en

rms evasion rat trojan upx

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

408d9d2fecc5ef52dc230bc50664cbcab28b97000b22e10c55b3b7cec4fbf34e.exe

Resource

win10v2004-20221111-en

rms evasion rat trojan upx

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  408d9d2fecc5ef52dc230bc50664cbcab28b97000b22e10c55b3b7cec4fbf34e
- Size
  
  3.3MB
- MD5
  
  6627f3503fd971c24f274d670b9d6cd7
- SHA1
  
  b77b984497b6c3d1d695de6363b1b35d9a4c192e
- SHA256
  
  408d9d2fecc5ef52dc230bc50664cbcab28b97000b22e10c55b3b7cec4fbf34e
- SHA512
  
  cf9210fa61eb5fec5d8d3bf2ea7e22c1f2d5f54c5f80b71c4146f73a4369a3ea0e5b7489750ff6ec00fee347398d023fb8580c1a4e134932cbd3ff555b9f380a
- SSDEEP
  
  98304:VgwRLgSX5ZcttvsdEv9eL4UezmlplRUSJLWpAh:VgOgSX/GW+1SezmXlRDRT
Score

10^/10

rms evasion rat trojan upx
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Stops running service(s)
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Impair Defenses

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

rmsevasionrattrojanupx

behavioral2

rmsevasionrattrojanupx

© 2018-2024

Terms | Privacy