rms | 8cea95f9ce9e5cf6dee53eee1b3dcf0a85a80a699575db64869a85636bf1017f | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

8

8CEA95F9CE...5D.exe

windows7-x64

8CEA95F9CE...5D.exe

windows10-2004-x64

Sharing

General

Target

8CEA95F9CE9E5CF6DEE53EEE1B3DCF0A85A80A699575D.exe
Size

11.1MB
Sample

221229-rbjzjsgd61
MD5

3e45070153f2ffd2c0aa313d2b593407
SHA1

d6a8d1fb41d56ddb871d979ab6ad1fafcc4a5f06
SHA256

8cea95f9ce9e5cf6dee53eee1b3dcf0a85a80a699575db64869a85636bf1017f
SHA512

c792d1e74142090ae49217bd76598901c9d84f497fc8ce32cf3fe11eab5c260d66cf0f049662aafa65f6816d03344bbb586556c3e5c000ddf287b46a2576e5b5
SSDEEP

196608:slMUmnmOZzGmn4xhCERU2jvomUTc5bw3khB74M90NKsfayjUQ8jF59D9Pr:s/WmozGmsCe3UMYm12NjayT+Frt

Score

10^/10

rms rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8CEA95F9CE9E5CF6DEE53EEE1B3DCF0A85A80A699575D.exe

Resource

win7-20220901-en

rms rat trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

8CEA95F9CE9E5CF6DEE53EEE1B3DCF0A85A80A699575D.exe

Resource

win10v2004-20220812-en

rms rat trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  8CEA95F9CE9E5CF6DEE53EEE1B3DCF0A85A80A699575D.exe
- Size
  
  11.1MB
- MD5
  
  3e45070153f2ffd2c0aa313d2b593407
- SHA1
  
  d6a8d1fb41d56ddb871d979ab6ad1fafcc4a5f06
- SHA256
  
  8cea95f9ce9e5cf6dee53eee1b3dcf0a85a80a699575db64869a85636bf1017f
- SHA512
  
  c792d1e74142090ae49217bd76598901c9d84f497fc8ce32cf3fe11eab5c260d66cf0f049662aafa65f6816d03344bbb586556c3e5c000ddf287b46a2576e5b5
- SSDEEP
  
  196608:slMUmnmOZzGmn4xhCERU2jvomUTc5bw3khB74M90NKsfayjUQ8jF59D9Pr:s/WmozGmsCe3UMYm12NjayT+Frt
Score

10^/10

rms rat trojan upx
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsrattrojanupx

behavioral2

rmsrattrojanupx

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.