rms | d3e91dbdf26856b6bc5e885e75b093960a06c046d63807b693acb23aa4cdeb51 | Triage

Sharing

General

Target

rutserv.exe
Size

8.9MB
Sample

230906-mzy16aeh4x
MD5

adeefeeb4a80337e7bb1dcdb423b39ba
SHA1

ac9e1f3e656d1ddcdffc60b5c1fe86391a3ada2d
SHA256

d3e91dbdf26856b6bc5e885e75b093960a06c046d63807b693acb23aa4cdeb51
SHA512

dc2e45440f84537ce80094e532a8656fd7ecdc14ba96136f07a6c17f538deb6a81046150c6314a0f1130b784cb8867bc1232a935cef285e36d1603289f8b6515
SSDEEP

98304:5jwp9/qlkxz5HqVnebAG8Nb7sqQC4/G/10DB+CcDcBpxtCXXl4Xs8tD5wkG3vhOl:5A/UkqJyDfBp7XyBvAcb7M

Score

10^/10

rms rat trojan

Malware Config

Targets

- Target
  
  rutserv.exe
- Size
  
  8.9MB
- MD5
  
  adeefeeb4a80337e7bb1dcdb423b39ba
- SHA1
  
  ac9e1f3e656d1ddcdffc60b5c1fe86391a3ada2d
- SHA256
  
  d3e91dbdf26856b6bc5e885e75b093960a06c046d63807b693acb23aa4cdeb51
- SHA512
  
  dc2e45440f84537ce80094e532a8656fd7ecdc14ba96136f07a6c17f538deb6a81046150c6314a0f1130b784cb8867bc1232a935cef285e36d1603289f8b6515
- SSDEEP
  
  98304:5jwp9/qlkxz5HqVnebAG8Nb7sqQC4/G/10DB+CcDcBpxtCXXl4Xs8tD5wkG3vhOl:5A/UkqJyDfBp7XyBvAcb7M
Score

10^/10

rms rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1