rms | e37360817ca1827b57733bcbc87029a41af2f9edb3318555b6065c0b8cf71e46 | Triage

Submit
Reports

Overview

overview

Static

static

3

d97f291a3f...23.exe

windows7-x64

d97f291a3f...23.exe

windows10-2004-x64

Sharing

General

Target

d97f291a3f61d51ef5b1b88ddb5a1323
Size

6.2MB
Sample

240320-w2jhxsgc7x
MD5

d97f291a3f61d51ef5b1b88ddb5a1323
SHA1

fa572033baa1e5f0d4192a7163127e331e864209
SHA256

e37360817ca1827b57733bcbc87029a41af2f9edb3318555b6065c0b8cf71e46
SHA512

e11b2c6039c5391e57a617ff8456b8ff633d66eaafb1e5de639830af406ebed78afac95b81b813f253cd00a6e1c570b9de3e863a62d91b2d5fce64ff0fb9cb01
SSDEEP

196608:hPO1tdNQ/gLyzFQgR/CdRFbxCpgDYihHFAel06:hm3Q42zFQY6d7xVYAAel06

Score

10^/10

rms rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d97f291a3f61d51ef5b1b88ddb5a1323.exe

Resource

win7-20240221-en

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

d97f291a3f61d51ef5b1b88ddb5a1323.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  d97f291a3f61d51ef5b1b88ddb5a1323
- Size
  
  6.2MB
- MD5
  
  d97f291a3f61d51ef5b1b88ddb5a1323
- SHA1
  
  fa572033baa1e5f0d4192a7163127e331e864209
- SHA256
  
  e37360817ca1827b57733bcbc87029a41af2f9edb3318555b6065c0b8cf71e46
- SHA512
  
  e11b2c6039c5391e57a617ff8456b8ff633d66eaafb1e5de639830af406ebed78afac95b81b813f253cd00a6e1c570b9de3e863a62d91b2d5fce64ff0fb9cb01
- SSDEEP
  
  196608:hPO1tdNQ/gLyzFQgR/CdRFbxCpgDYihHFAel06:hm3Q42zFQY6d7xVYAAel06
Score

10^/10

rms rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy