rms | 5874294f3f7c4fe472b836c5b96262a44a5a42f96e186f11cce4777d1ad9688d | Triage

Submit
Reports

Overview

overview

Static

static

7

da301d359b...2f.exe

windows7-x64

da301d359b...2f.exe

windows10-2004-x64

Sharing

General

Target

46fb7cafdf2dbb555201cfaaf104c1d3.bin
Size

16.5MB
Sample

230511-btq8ksch6w
MD5

c8905835909a39f311505cdeaadb2aa8
SHA1

80720e5d753b63066518673b44d3e7d86fe949d7
SHA256

5874294f3f7c4fe472b836c5b96262a44a5a42f96e186f11cce4777d1ad9688d
SHA512

f4eb30eace315e6da70450f995d4bbdbd8395ddaa1a53f75184adaab7b1f99942d9858f672b4d5395cd0fdfe5a0cab81876459f9c9c5f2290d879f76679b4bf1
SSDEEP

393216:4eOML8jve3MJccIKZNIMnFMqlr/3o5DUMQvaBV7W:4XMLyWAcpKXZMnza

Score

10^/10

rms rat trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

da301d359b4bbbc07ed41da725cc33e21a23a1e68f69436b475e37ab6abbf52f.exe

Resource

win7-20230220-en

rms rat trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

da301d359b4bbbc07ed41da725cc33e21a23a1e68f69436b475e37ab6abbf52f.exe

Resource

win10v2004-20230220-en

rms rat trojan upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  da301d359b4bbbc07ed41da725cc33e21a23a1e68f69436b475e37ab6abbf52f.exe
- Size
  
  17.0MB
- MD5
  
  46fb7cafdf2dbb555201cfaaf104c1d3
- SHA1
  
  2eb1b934a6928eaa63f48f63888f690765968035
- SHA256
  
  da301d359b4bbbc07ed41da725cc33e21a23a1e68f69436b475e37ab6abbf52f
- SHA512
  
  bbaa2692aa0c84b10417daa04434f72b54e137be85042368c58432a7a39d40e4405246b2ecd6d9be1a7f3f6ef15f5f9d2ab8d31b4eee90839587e29c82e1a1e8
- SSDEEP
  
  393216:vuDuvtZSalmqJLNWqezyawPNbD7aC558YgrurVniy/+Rv:FvtZdbMGawPNb6E/rVjWRv
Score

10^/10

rms rat trojan upx
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsrattrojanupx

behavioral2

rmsrattrojanupx

© 2018-2025

Terms | Privacy