rms | eb8cce04e68e0edf8d1f33b6b5fb79e89bb9abc5bf42fcd4b0df0360c9a86e1c | Triage

Submit
Reports

Overview

overview

Static

static

eb8cce04e6...1c.exe

windows7-x64

eb8cce04e6...1c.exe

windows10-2004-x64

Sharing

General

Target

eb8cce04e68e0edf8d1f33b6b5fb79e89bb9abc5bf42fcd4b0df0360c9a86e1c
Size

3.6MB
Sample

221205-hw4p1sbf3y
MD5

08d6651c58801b8ba799e21f2972aeec
SHA1

431166615f079fa7399620c96bb7854f1337d3d0
SHA256

eb8cce04e68e0edf8d1f33b6b5fb79e89bb9abc5bf42fcd4b0df0360c9a86e1c
SHA512

89f80ff6536a55f4ed677af6f36910e3796f5dc684d3dee1190a87735448508309d8b1b4211087bf44513cac0412e7dbdfd85e37234c97a11fced749f01adfc6
SSDEEP

98304:7JYtfH2yd+W+2dtu32yWx35rUDHvD9ICRDxq79u6e:7J82I+IujYp+PD78xA

Score

10^/10

rms rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

eb8cce04e68e0edf8d1f33b6b5fb79e89bb9abc5bf42fcd4b0df0360c9a86e1c.exe

Resource

win7-20221111-en

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

eb8cce04e68e0edf8d1f33b6b5fb79e89bb9abc5bf42fcd4b0df0360c9a86e1c.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  eb8cce04e68e0edf8d1f33b6b5fb79e89bb9abc5bf42fcd4b0df0360c9a86e1c
- Size
  
  3.6MB
- MD5
  
  08d6651c58801b8ba799e21f2972aeec
- SHA1
  
  431166615f079fa7399620c96bb7854f1337d3d0
- SHA256
  
  eb8cce04e68e0edf8d1f33b6b5fb79e89bb9abc5bf42fcd4b0df0360c9a86e1c
- SHA512
  
  89f80ff6536a55f4ed677af6f36910e3796f5dc684d3dee1190a87735448508309d8b1b4211087bf44513cac0412e7dbdfd85e37234c97a11fced749f01adfc6
- SSDEEP
  
  98304:7JYtfH2yd+W+2dtu32yWx35rUDHvD9ICRDxq79u6e:7J82I+IujYp+PD78xA
Score

10^/10

rms rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy