rms | 11106db175a8067ddbc213820da1f12f04b2918e946eaee6685f1dd6c9942448 | Triage

Submit
Reports

Overview

overview

Static

static

3

Device/Har...at.exe

windows7-x64

Device/Har...at.exe

windows10-2004-x64

Sharing

General

Target

rat.exe
Size

4.4MB
Sample

230429-k551jsad77
MD5

9d618b07027a55f2151a331aeaf5cc50
SHA1

b9445a7e056a927f5353e65cf08af5fddef501f4
SHA256

11106db175a8067ddbc213820da1f12f04b2918e946eaee6685f1dd6c9942448
SHA512

941afe43810ecc7e4d03f9ce93c1827a8e36d73687a854abbb252f97871f9b703acd7c07235148429a804cf90a472cefa5b024baddeb16581153e2cd964d1e07
SSDEEP

98304:ECAmwvTqja7ScRj6XsolkmkDyxz3o28iKUUuDlAapnFy1ANq:EHL+ISiadmm443o14PDlAapFy1ANq

Score

10^/10

rms evasion rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Device/HarddiskVolume2/Windows/Fonts/win/rat.exe

Resource

win7-20230220-en

rms evasion rat trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

Device/HarddiskVolume2/Windows/Fonts/win/rat.exe

Resource

win10v2004-20230220-en

rms evasion rat trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  Device/HarddiskVolume2/Windows/Fonts/win/rat.exe
- Size
  
  4.5MB
- MD5
  
  6029a73df701b89e8f2e63b81d573f8b
- SHA1
  
  4ccc0cf864b754c16cd59e3a91a2b5ffce111ffc
- SHA256
  
  a021d50b43316b250731b984a8922f07b688ba02be9d43767c82a382d614309f
- SHA512
  
  a4bd3d2dae496935604dcd64c2f23c495f025d4f35d7ce2696f8d619c65371e74a755cd4ea245b41e40fe82545a5ca9eeeed6c6b2f08e7e1bbb653e6ed560473
- SSDEEP
  
  98304:Ls5akhSst3Wbbiddqxm3nrktVwImIf3qXgv2/sgOML87xyXmA9faSS:4ayWf4dqxm3rkPwIfqQv2/sgrL87x8mJ
Score

10^/10

rms evasion rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Impair Defenses

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

rmsevasionrattrojan

behavioral2

rmsevasionrattrojan

© 2018-2024

Terms | Privacy