rms | 7a752317f8a8a458efc1765b8b2f5742826a2783ec66250088db87aaacb40aa7 | Triage

Submit
Reports

Overview

overview

Static

static

7a752317f8...a7.exe

windows7-x64

7a752317f8...a7.exe

windows10-2004-x64

Sharing

General

Target

7a752317f8a8a458efc1765b8b2f5742826a2783ec66250088db87aaacb40aa7
Size

5.6MB
Sample

221129-xc1xcaeg48
MD5

7cea6423e3e64ba10970bfb85e00f870
SHA1

c7746f81e20e4e91b6561a9fc0dd8208a68d6a97
SHA256

7a752317f8a8a458efc1765b8b2f5742826a2783ec66250088db87aaacb40aa7
SHA512

7be8f14fa8dae215d91ddb766b9f4ecab417c0d66f78dfb440593023e9f724cc5bc99ac338c0ae0f6cd4204a590dbef96d545947e18e209fa93846a522b7e410
SSDEEP

98304:n3EK/++6Vi0c8bxdes9qRAYCEZtub6Rkxugl3eGXv1KyhtOte65KlE9UyMb:n3f9vgxnwRAosAyeGfMyrvd

Score

10^/10

rms evasion rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

7a752317f8a8a458efc1765b8b2f5742826a2783ec66250088db87aaacb40aa7.exe

Resource

win7-20221111-en

rms evasion rat trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

7a752317f8a8a458efc1765b8b2f5742826a2783ec66250088db87aaacb40aa7.exe

Resource

win10v2004-20220812-en

rms evasion rat trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  7a752317f8a8a458efc1765b8b2f5742826a2783ec66250088db87aaacb40aa7
- Size
  
  5.6MB
- MD5
  
  7cea6423e3e64ba10970bfb85e00f870
- SHA1
  
  c7746f81e20e4e91b6561a9fc0dd8208a68d6a97
- SHA256
  
  7a752317f8a8a458efc1765b8b2f5742826a2783ec66250088db87aaacb40aa7
- SHA512
  
  7be8f14fa8dae215d91ddb766b9f4ecab417c0d66f78dfb440593023e9f724cc5bc99ac338c0ae0f6cd4204a590dbef96d545947e18e209fa93846a522b7e410
- SSDEEP
  
  98304:n3EK/++6Vi0c8bxdes9qRAYCEZtub6Rkxugl3eGXv1KyhtOte65KlE9UyMb:n3f9vgxnwRAosAyeGfMyrvd
Score

10^/10

rms evasion rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

rmsevasionrattrojan

behavioral2

rmsevasionrattrojan

© 2018-2024

Terms | Privacy