rms | 47d07d1d52810d6b9c5814adf39cc73de693bf93fc0f79be39e54989ab1b4c0a | Triage

Submit
Reports

Overview

overview

Static

static

3

aut7C05.exe

windows7-x64

aut7C05.exe

windows10-2004-x64

Sharing

General

Target

aut7C05.tmp.zip
Size

4.4MB
Sample

240322-lwa99aah44
MD5

48d9f0a7f445c9d04ca9d12e24640a49
SHA1

c2fd386383d8437af00ed1943d211602967a8e24
SHA256

47d07d1d52810d6b9c5814adf39cc73de693bf93fc0f79be39e54989ab1b4c0a
SHA512

3adc6d5b07439a72d1cb02228b216b96fcfe75b828bb1919ade18ebdb50db43a634944773eca6072faf80413d4dc4e031454b423ee577c4e3f86898be72ae676
SSDEEP

98304:0EV2JnSLQQT3rHL8+ggqhzvzQooGCuyAZLWL0HjE0e0eElt66tRnMvpleTk:0E0ShT3PaYJuyA5i0DE0ReElt+ok

Score

10^/10

rms aspackv2 evasion rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

aut7C05.exe

Resource

win7-20240221-en

rms aspackv2 evasion rat trojan upx

windows7-x64

22 signatures

150 seconds

Behavioral task

behavioral2

Sample

aut7C05.exe

Resource

win10v2004-20240226-en

rms aspackv2 evasion rat trojan upx

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  aut7C05.tmp
- Size
  
  4.5MB
- MD5
  
  f9a9b17c831721033458d59bf69f45b6
- SHA1
  
  472313a8a15aca343cf669cfc61a9ae65279e06b
- SHA256
  
  9276d1bb2cd48fdf46161deaf7ad4b0dbcef9655d462584e104bd3f2a8c944ce
- SHA512
  
  653a5c77ada9c4b80b64ae5183bc43102b32db75272d84be9201150af7f80d96a96ab68042a17f68551f60a39053f529bee0ec527e20ab5c1d6c100a504feda8
- SSDEEP
  
  98304:V5xj2G4KJi7pqIx/nysBa5VOGnSL0QitFbfFcDluO4OP4kGHd9seAAo80CWhe:VmzKQ7pLnysBawAbGtuN0CW8
Score

10^/10

rms aspackv2 evasion rat trojan upx
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsaspackv2evasionrattrojanupx

behavioral2

rmsaspackv2evasionrattrojanupx

© 2018-2025

Terms | Privacy