rms | f482ebcd0af782431dae0bff57e93bb999b97e5d10803e4125e187a0d0c634f4 | Triage

Submit
Reports

Overview

overview

Static

static

f482ebcd0a...f4.exe

windows7-x64

f482ebcd0a...f4.exe

windows10-2004-x64

Sharing

General

Target

f482ebcd0af782431dae0bff57e93bb999b97e5d10803e4125e187a0d0c634f4
Size

4.3MB
Sample

221130-wb8p5aee21
MD5

1e70fd57ca450025f58f08e6f43d3e89
SHA1

85aa2be789dcf465020a6affb99a7938a5da7ef6
SHA256

f482ebcd0af782431dae0bff57e93bb999b97e5d10803e4125e187a0d0c634f4
SHA512

4f7caecc0564d148970b7fd742f70658d3e0ced981440f012956ed6802544195a55886037e4c128d4bf01a232e72fb802630c8ad4f50510d137f0529ea761eae
SSDEEP

98304:PcrtMNtLqI88MvBQWnj7QEng+2BPn5zlbA46Juq/LfWFVw8aL:PCMNZqxvBQWnj7QCt25tlM4QuqjWFVc

Score

10^/10

rms aspackv2 rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

f482ebcd0af782431dae0bff57e93bb999b97e5d10803e4125e187a0d0c634f4.exe

Resource

win7-20221111-en

rms aspackv2 rat trojan upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

f482ebcd0af782431dae0bff57e93bb999b97e5d10803e4125e187a0d0c634f4.exe

Resource

win10v2004-20220812-en

rms aspackv2 rat trojan upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  f482ebcd0af782431dae0bff57e93bb999b97e5d10803e4125e187a0d0c634f4
- Size
  
  4.3MB
- MD5
  
  1e70fd57ca450025f58f08e6f43d3e89
- SHA1
  
  85aa2be789dcf465020a6affb99a7938a5da7ef6
- SHA256
  
  f482ebcd0af782431dae0bff57e93bb999b97e5d10803e4125e187a0d0c634f4
- SHA512
  
  4f7caecc0564d148970b7fd742f70658d3e0ced981440f012956ed6802544195a55886037e4c128d4bf01a232e72fb802630c8ad4f50510d137f0529ea761eae
- SSDEEP
  
  98304:PcrtMNtLqI88MvBQWnj7QEng+2BPn5zlbA46Juq/LfWFVw8aL:PCMNZqxvBQWnj7QCt25tlM4QuqjWFVc
Score

10^/10

rms aspackv2 rat trojan upx
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

rmsaspackv2rattrojanupx

behavioral2

rmsaspackv2rattrojanupx

© 2018-2024

Terms | Privacy