rms | d15542db83fc30a75413bf0b0e945e7298f08077b2129ce6b6e02bf895413cf8 | Triage

Submit
Reports

Overview

overview

Static

static

d15542db83...f8.exe

windows7-x64

d15542db83...f8.exe

windows10-2004-x64

Sharing

General

Target

d15542db83fc30a75413bf0b0e945e7298f08077b2129ce6b6e02bf895413cf8
Size

4.2MB
Sample

230129-v3d46aha2s
MD5

89b289f7bd1cd963d28f85bd57708400
SHA1

31da890ba18fc9d29dfadef6ff18c434b963d347
SHA256

d15542db83fc30a75413bf0b0e945e7298f08077b2129ce6b6e02bf895413cf8
SHA512

5c53fea8c7938ac81f4fdf53772103ae4aa3524819094f43c07ec734df1fb0a0989de4bc334e55393c87b6dc2621d6f8da38d7c4b6742597c20517228173e0b0
SSDEEP

98304:PHPOw4YFZhunRGzIMVTF+6cEdYhs9mgyAn9/odJcF:PHPOw4YDhuR8lTuAyedoQF

Score

10^/10

rms aspackv2 rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

d15542db83fc30a75413bf0b0e945e7298f08077b2129ce6b6e02bf895413cf8.exe

Resource

win7-20220901-en

rms aspackv2 rat trojan upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

d15542db83fc30a75413bf0b0e945e7298f08077b2129ce6b6e02bf895413cf8.exe

Resource

win10v2004-20221111-en

rms aspackv2 rat trojan upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  d15542db83fc30a75413bf0b0e945e7298f08077b2129ce6b6e02bf895413cf8
- Size
  
  4.2MB
- MD5
  
  89b289f7bd1cd963d28f85bd57708400
- SHA1
  
  31da890ba18fc9d29dfadef6ff18c434b963d347
- SHA256
  
  d15542db83fc30a75413bf0b0e945e7298f08077b2129ce6b6e02bf895413cf8
- SHA512
  
  5c53fea8c7938ac81f4fdf53772103ae4aa3524819094f43c07ec734df1fb0a0989de4bc334e55393c87b6dc2621d6f8da38d7c4b6742597c20517228173e0b0
- SSDEEP
  
  98304:PHPOw4YFZhunRGzIMVTF+6cEdYhs9mgyAn9/odJcF:PHPOw4YDhuR8lTuAyedoQF
Score

10^/10

rms aspackv2 rat trojan upx
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsaspackv2rattrojanupx

behavioral2

rmsaspackv2rattrojanupx

© 2018-2025

Terms | Privacy