rms | e333a0f636d2504eeea190769488506a77ed1f0bf8f2535e86c728971e068abe | Triage

Submit
Reports

Overview

overview

Static

static

e333a0f636...be.exe

windows7-x64

e333a0f636...be.exe

windows10-2004-x64

Sharing

General

Target

e333a0f636d2504eeea190769488506a77ed1f0bf8f2535e86c728971e068abe
Size

4.1MB
Sample

221127-yp1yjsec54
MD5

eae75b37854b85772f17ac14433d1c9c
SHA1

548cdfc98868615232033618b6bd926c20e25acd
SHA256

e333a0f636d2504eeea190769488506a77ed1f0bf8f2535e86c728971e068abe
SHA512

3b234d252a479940a8f9b2171a59eb90e927db671ffc5bcffec925ec07ca410f050929ebb2c232cda3aca1752542e1d3ca67a70f17c2ee0f0498812c30aae512
SSDEEP

98304:VgwRVwrPDPnWKw6ki4JNHrotxdJP2jTqmuX3O2HChZy7hx:VgCIu5cUpoXdJuSmyOXo7b

Score

10^/10

rms evasion rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

e333a0f636d2504eeea190769488506a77ed1f0bf8f2535e86c728971e068abe.exe

Resource

win7-20220812-en

rms evasion rat trojan upx

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

e333a0f636d2504eeea190769488506a77ed1f0bf8f2535e86c728971e068abe.exe

Resource

win10v2004-20220812-en

rms evasion rat trojan upx

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  e333a0f636d2504eeea190769488506a77ed1f0bf8f2535e86c728971e068abe
- Size
  
  4.1MB
- MD5
  
  eae75b37854b85772f17ac14433d1c9c
- SHA1
  
  548cdfc98868615232033618b6bd926c20e25acd
- SHA256
  
  e333a0f636d2504eeea190769488506a77ed1f0bf8f2535e86c728971e068abe
- SHA512
  
  3b234d252a479940a8f9b2171a59eb90e927db671ffc5bcffec925ec07ca410f050929ebb2c232cda3aca1752542e1d3ca67a70f17c2ee0f0498812c30aae512
- SSDEEP
  
  98304:VgwRVwrPDPnWKw6ki4JNHrotxdJP2jTqmuX3O2HChZy7hx:VgCIu5cUpoXdJuSmyOXo7b
Score

10^/10

rms evasion rat trojan upx
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Stops running service(s)
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Impair Defenses

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

rmsevasionrattrojanupx

behavioral2

rmsevasionrattrojanupx

© 2018-2024

Terms | Privacy