rms | 505cd63c932062ba1588274ab66fc52ca88bdb017481ce2286d54e096eab773f | Triage

Submit
Reports

Overview

overview

Static

static

505cd63c93...3f.exe

windows7-x64

505cd63c93...3f.exe

windows10-2004-x64

Sharing

General

Target

505cd63c932062ba1588274ab66fc52ca88bdb017481ce2286d54e096eab773f
Size

1.3MB
Sample

221128-d8av9agb8v
MD5

9b0203bba061b219a93707efbd1e7c7a
SHA1

252c00ee2749e0d1db79553cf49334c240908cad
SHA256

505cd63c932062ba1588274ab66fc52ca88bdb017481ce2286d54e096eab773f
SHA512

6ee37a8e637343581fe1c004a3fbdc23b5a5b3e6b1ed1f10b3b42fac1144f147384fcb94c80bae72dd8efc2db14742828bcf1f018bdddd1d41fc4c037b2a2225
SSDEEP

24576:PaUxvxK4nXQEuJhZMPfpwAuTJOmzORONakqXRlaL8TsJyyMptS:5JKyXvuDUfUHTNZwaL8IJyhps

Score

10^/10

rms evasion rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

505cd63c932062ba1588274ab66fc52ca88bdb017481ce2286d54e096eab773f.exe

Resource

win7-20221111-en

rms evasion rat trojan upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

505cd63c932062ba1588274ab66fc52ca88bdb017481ce2286d54e096eab773f.exe

Resource

win10v2004-20220901-en

rms evasion rat trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  505cd63c932062ba1588274ab66fc52ca88bdb017481ce2286d54e096eab773f
- Size
  
  1.3MB
- MD5
  
  9b0203bba061b219a93707efbd1e7c7a
- SHA1
  
  252c00ee2749e0d1db79553cf49334c240908cad
- SHA256
  
  505cd63c932062ba1588274ab66fc52ca88bdb017481ce2286d54e096eab773f
- SHA512
  
  6ee37a8e637343581fe1c004a3fbdc23b5a5b3e6b1ed1f10b3b42fac1144f147384fcb94c80bae72dd8efc2db14742828bcf1f018bdddd1d41fc4c037b2a2225
- SSDEEP
  
  24576:PaUxvxK4nXQEuJhZMPfpwAuTJOmzORONakqXRlaL8TsJyyMptS:5JKyXvuDUfUHTNZwaL8IJyhps
Score

10^/10

rms evasion rat trojan upx
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Process Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

rmsevasionrattrojanupx

behavioral2

rmsevasionrattrojanupx

© 2018-2024

Terms | Privacy