rms | 1a0066f09f9b09aea075bbd592cc4fb1cc2e56ccdcc31ff4816af4f059e66efd | Triage

Submit
Reports

Overview

overview

Static

static

3

Device/Har...at.exe

windows7-x64

Device/Har...at.exe

windows10-2004-x64

Sharing

General

Target

rat.exe
Size

4.4MB
Sample

230502-f5195shg34
MD5

5a969f8c093488f50782b31c3eef05b0
SHA1

23d4d7ffb40993c23350f9c201a21c5e3c10072e
SHA256

1a0066f09f9b09aea075bbd592cc4fb1cc2e56ccdcc31ff4816af4f059e66efd
SHA512

49a7246d6bad44700186268a4cba4b12ef8f01495ad8474816fc6a5305f479ce2c9e5b6d8b470a0f52af163d56c43e6540e89533b5352869b22bc6c773e3eb82
SSDEEP

98304:fryWc/Phnb/FpQP/Z6UkvxzA45CYS9d3tjpHipm/tn9TV/ukyAEALrE:OL/5/bQP/kZITn7F9ZWPAc

Score

10^/10

rms evasion rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Device/HarddiskVolume2/Windows/Fonts/win/rat.exe

Resource

win7-20230220-en

rms evasion rat trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

Device/HarddiskVolume2/Windows/Fonts/win/rat.exe

Resource

win10v2004-20230221-en

rms evasion rat trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  Device/HarddiskVolume2/Windows/Fonts/win/rat.exe
- Size
  
  4.5MB
- MD5
  
  6029a73df701b89e8f2e63b81d573f8b
- SHA1
  
  4ccc0cf864b754c16cd59e3a91a2b5ffce111ffc
- SHA256
  
  a021d50b43316b250731b984a8922f07b688ba02be9d43767c82a382d614309f
- SHA512
  
  a4bd3d2dae496935604dcd64c2f23c495f025d4f35d7ce2696f8d619c65371e74a755cd4ea245b41e40fe82545a5ca9eeeed6c6b2f08e7e1bbb653e6ed560473
- SSDEEP
  
  98304:Ls5akhSst3Wbbiddqxm3nrktVwImIf3qXgv2/sgOML87xyXmA9faSS:4ayWf4dqxm3rkPwIfqQv2/sgrL87x8mJ
Score

10^/10

rms evasion rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Impair Defenses

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

rmsevasionrattrojan

behavioral2

rmsevasionrattrojan

© 2018-2024

Terms | Privacy