rms | ce980dfdde975dea04d30301133ef8057bcf06669f7a023215cab1387b9e90e7 | Triage

Submit
Reports

Overview

overview

Static

static

ce980dfdde...e7.exe

windows7-x64

ce980dfdde...e7.exe

windows10-2004-x64

Sharing

General

Target

ce980dfdde975dea04d30301133ef8057bcf06669f7a023215cab1387b9e90e7
Size

3.9MB
Sample

221205-3tjx2scb81
MD5

3115ae3f07c79e025c5f1d443b9599aa
SHA1

6afa27129ccb2d60143813b860a6c8fb5a9fc14d
SHA256

ce980dfdde975dea04d30301133ef8057bcf06669f7a023215cab1387b9e90e7
SHA512

bf52d506389be07b540b98cd6d132ec2d461cc4e53448862af560aead087a76f5a1ac96f8ba81e31e52617da9a494f9278287f9dfa2f4e71035c8127a61a49ab
SSDEEP

49152:N0kwPNXIDzdVl5g9QW2LA7KVbfmaL4CcTsikCSfJ6uBg6hASFpsa4krLWlzxfjgH:G/INaaW8A7KR+YxcTsiq0uBHxrLWldgx

Score

10^/10

rms evasion rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

ce980dfdde975dea04d30301133ef8057bcf06669f7a023215cab1387b9e90e7.exe

Resource

win7-20221111-en

rms evasion rat trojan upx

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

ce980dfdde975dea04d30301133ef8057bcf06669f7a023215cab1387b9e90e7.exe

Resource

win10v2004-20220901-en

rms evasion rat trojan upx

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  ce980dfdde975dea04d30301133ef8057bcf06669f7a023215cab1387b9e90e7
- Size
  
  3.9MB
- MD5
  
  3115ae3f07c79e025c5f1d443b9599aa
- SHA1
  
  6afa27129ccb2d60143813b860a6c8fb5a9fc14d
- SHA256
  
  ce980dfdde975dea04d30301133ef8057bcf06669f7a023215cab1387b9e90e7
- SHA512
  
  bf52d506389be07b540b98cd6d132ec2d461cc4e53448862af560aead087a76f5a1ac96f8ba81e31e52617da9a494f9278287f9dfa2f4e71035c8127a61a49ab
- SSDEEP
  
  49152:N0kwPNXIDzdVl5g9QW2LA7KVbfmaL4CcTsikCSfJ6uBg6hASFpsa4krLWlzxfjgH:G/INaaW8A7KR+YxcTsiq0uBHxrLWldgx
Score

10^/10

rms evasion rat trojan upx
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsevasionrattrojanupx

behavioral2

rmsevasionrattrojanupx

© 2018-2024

Terms | Privacy