rms | b644b71318ac3f1a5c01249c65bcc490ef7cffe13925c1e8e200eecd91df6c9c | Triage

Sharing

General

Target

78db881af6d41d8ce120db6dfe104f24
Size

2.4MB
Sample

240127-bbvs2sbdam
MD5

78db881af6d41d8ce120db6dfe104f24
SHA1

1519b9fcc1f17b90a88acbfc089b5d2f76f21bad
SHA256

b644b71318ac3f1a5c01249c65bcc490ef7cffe13925c1e8e200eecd91df6c9c
SHA512

ea19d704961651c5fdac730f47b1470a9816dad13d9a3b67c6116eb6a778d8823a479d930676105172cea9fe235dd45f9993e12a228b984a43b5299a18866f58
SSDEEP

49152:d7K+TDiZtK4JnUTTbd7xnXTPTntYmzZfv+3nmRVHdA0IyDmAHA5Z4/:deLtKzRpX/tzVc0bIyawA5Z4/

Score

10^/10

rms evasion rat trojan

Malware Config

Targets

- Target
  
  78db881af6d41d8ce120db6dfe104f24
- Size
  
  2.4MB
- MD5
  
  78db881af6d41d8ce120db6dfe104f24
- SHA1
  
  1519b9fcc1f17b90a88acbfc089b5d2f76f21bad
- SHA256
  
  b644b71318ac3f1a5c01249c65bcc490ef7cffe13925c1e8e200eecd91df6c9c
- SHA512
  
  ea19d704961651c5fdac730f47b1470a9816dad13d9a3b67c6116eb6a778d8823a479d930676105172cea9fe235dd45f9993e12a228b984a43b5299a18866f58
- SSDEEP
  
  49152:d7K+TDiZtK4JnUTTbd7xnXTPTntYmzZfv+3nmRVHdA0IyDmAHA5Z4/:deLtKzRpX/tzVc0bIyawA5Z4/
Score

10^/10

rms evasion rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Modifies Windows Firewall
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsevasionrattrojan

behavioral2

rmsevasionrattrojan