rms | a785b6bac833f0ebff7132dcd4e93f63db922fdebf6d572205def42925bc56b0 | Triage

Submit
Reports

Overview

overview

Static

static

3

discord.exe

windows7-x64

discord.exe

windows10-2004-x64

Sharing

General

Target

discord.exe
Size

108.2MB
Sample

230909-sdphgsca41
MD5

73e882ed6e9604978cbc396bd00a11e5
SHA1

f0524a000c4e1570a3c4fdfd426decb813b28401
SHA256

a785b6bac833f0ebff7132dcd4e93f63db922fdebf6d572205def42925bc56b0
SHA512

7e11cd2bafb4aa1107468162edaf211624852865230dac214a497067b5efea9c783271852afc29bec2a6e62cdda87108fe3676d723d810aee14e38ea946105ee
SSDEEP

3145728:gvHIQcGy6x67p5Q/xXFcHta2A6wFxjp7JD41E:gvpfVs76cNa2A6wXttk1E

Score

10^/10

rms discovery persistence rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

discord.exe

Resource

win7-20230831-en

rms discovery rat trojan upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

discord.exe

Resource

win10v2004-20230831-en

rms discovery persistence rat trojan upx

windows10-2004-x64

26 signatures

150 seconds

Malware Config

Targets

- Target
  
  discord.exe
- Size
  
  108.2MB
- MD5
  
  73e882ed6e9604978cbc396bd00a11e5
- SHA1
  
  f0524a000c4e1570a3c4fdfd426decb813b28401
- SHA256
  
  a785b6bac833f0ebff7132dcd4e93f63db922fdebf6d572205def42925bc56b0
- SHA512
  
  7e11cd2bafb4aa1107468162edaf211624852865230dac214a497067b5efea9c783271852afc29bec2a6e62cdda87108fe3676d723d810aee14e38ea946105ee
- SSDEEP
  
  3145728:gvHIQcGy6x67p5Q/xXFcHta2A6wFxjp7JD41E:gvpfVs76cNa2A6wXttk1E
Score

10^/10

rms discovery rat trojan upx persistence
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Blocklisted process makes network request
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsdiscoveryrattrojanupx

behavioral2

rmsdiscoverypersistencerattrojanupx

© 2018-2024

Terms | Privacy