rms | cc15f0b24928a50ce4a5ca67e3b8ddc3b7553d56483ac18cc5b8d4bcf2fdad45 | Triage

Submit
Reports

Overview

overview

Static

static

7

Device/Har...UM.exe

windows10-2004-x64

Sharing

General

Target

techni threat.zip
Size

10.6MB
Sample

240912-k5pnkazhjd
MD5

a61aac6470878d0475082346dd7cdbb8
SHA1

c3d1c4d79bae6ae27e919e401671e05ddf786e11
SHA256

cc15f0b24928a50ce4a5ca67e3b8ddc3b7553d56483ac18cc5b8d4bcf2fdad45
SHA512

40ba628b946cea5e5fd160c18cf050a20a44de13ad5a4209d11ca42910954a395953e6c2d7c19132e785cfe7aec9d0c5b307bc0222485117fa46a97292c1c85d
SSDEEP

196608:lK2n8uSb3C+SlGfNq/5PKx0J5zqn2vPiGf2mReBaRZAPxmEaqMWmJwn:YNmlGlKPKx0Xg2vP/emReIR2gEUWmJwn

Score

10^/10

rms discovery rat trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Device/HarddiskVolume4/Users/frederik.cambier/Desktop/EkUM.exe

Resource

win10v2004-20240802-en

rms discovery rat trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  Device/HarddiskVolume4/Users/frederik.cambier/Desktop/EkUM.exe
- Size
  
  11.1MB
- MD5
  
  8cd80866e5829c07dc6ad8582f8ba834
- SHA1
  
  2519c536af9f371c079ef68bc47abc36ec9ca2a8
- SHA256
  
  18e977a2b3d7d65718bc0d6acc0912efdd70e768da4109a74656db22c06fddef
- SHA512
  
  987b60165666e42e8bad3045b5c2568fa1d6383bf8ba76fc088f7c704b9b949be73216a5d65642abf72a7a39fcd7fc5594267b908939eabef63ede531b63d6ea
- SSDEEP
  
  196608:VlMSDJba6MPbxe+Yf9Wd+I4wCpBe8eh0H7ShmbnewyToAwTkWDFbs6HrTBk3FrDh:VHJa0Dcd+I4wCre8eJCneLklTnNs6Hrg
Score

10^/10

rms discovery rat trojan upx
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsdiscoveryrattrojanupx

© 2018-2024

Terms | Privacy