rms | a2ad752f8af38dd03893670fdf4d267a3c3d44e2a61bab8d751d217c2b1550e7 | Triage

Submit
Reports

Overview

overview

Static

static

FF345C86F3...77.exe

windows7-x64

FF345C86F3...77.exe

windows10-2004-x64

Sharing

General

Target

FF345C86F376DDAE9C9D4219493BA077.exe
Size

6.2MB
Sample

221219-xfyw6aag9x
MD5

ff345c86f376ddae9c9d4219493ba077
SHA1

3d5cd572bc34e76d254d7538d74d6c78a2e061f6
SHA256

a2ad752f8af38dd03893670fdf4d267a3c3d44e2a61bab8d751d217c2b1550e7
SHA512

737bb607216557d3b97a773a7c1ec129130dd21a283a2ab52dcf5dcd699a96b24a3ed359a0631ec5afa0d404db27693a95bb06919c496a1b82bfefe6c5701f0d
SSDEEP

98304:3TMglaGJi4JhgiIVqskETxGaYequQ+vVNYENTGBxX9WVLE8zjNBumjiQcNOyfAb:3ogapEZSeaYeqS8UYWtzmmUJAb

Score

10^/10

rms rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

FF345C86F376DDAE9C9D4219493BA077.exe

Resource

win7-20220812-en

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

FF345C86F376DDAE9C9D4219493BA077.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  FF345C86F376DDAE9C9D4219493BA077.exe
- Size
  
  6.2MB
- MD5
  
  ff345c86f376ddae9c9d4219493ba077
- SHA1
  
  3d5cd572bc34e76d254d7538d74d6c78a2e061f6
- SHA256
  
  a2ad752f8af38dd03893670fdf4d267a3c3d44e2a61bab8d751d217c2b1550e7
- SHA512
  
  737bb607216557d3b97a773a7c1ec129130dd21a283a2ab52dcf5dcd699a96b24a3ed359a0631ec5afa0d404db27693a95bb06919c496a1b82bfefe6c5701f0d
- SSDEEP
  
  98304:3TMglaGJi4JhgiIVqskETxGaYequQ+vVNYENTGBxX9WVLE8zjNBumjiQcNOyfAb:3ogapEZSeaYeqS8UYWtzmmUJAb
Score

10^/10

rms rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy