rms | 3b03d8ee3dc4406d7be3d995552965ad4b4b9f1f3d106580820ce3e1fa62b2ca | Triage

Submit
Reports

Overview

overview

Static

static

5

3b03d8ee3d...ca.exe

windows7-x64

3b03d8ee3d...ca.exe

windows10-2004-x64

Sharing

General

Target

3b03d8ee3dc4406d7be3d995552965ad4b4b9f1f3d106580820ce3e1fa62b2ca.exe
Size

17.1MB
Sample

241006-bf3pfssfqg
MD5

2ac561231ba80f987b7bf1f6c3fb2c3b
SHA1

9742aa5faeef8d90a116a5f86066acf72071ca26
SHA256

3b03d8ee3dc4406d7be3d995552965ad4b4b9f1f3d106580820ce3e1fa62b2ca
SHA512

4ea8a999b419472a3b4703535b4e6a3fe0a93de7bd44ef48dce11cf8d5bd7da8c72f585de9dad5534f270ff14f2ad5a16a5688498402cb1141d38a470fa34f50
SSDEEP

393216:r93WcIGlUHbn+WE2WQoCyJ8ZKNhNUNXaRdeX:53W7bE2WQoVVhNaXaza

Score

10^/10

rms discovery rat trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

3b03d8ee3dc4406d7be3d995552965ad4b4b9f1f3d106580820ce3e1fa62b2ca.exe

Resource

win7-20240903-en

rms discovery rat trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

3b03d8ee3dc4406d7be3d995552965ad4b4b9f1f3d106580820ce3e1fa62b2ca.exe

Resource

win10v2004-20240802-en

rms discovery rat trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  3b03d8ee3dc4406d7be3d995552965ad4b4b9f1f3d106580820ce3e1fa62b2ca.exe
- Size
  
  17.1MB
- MD5
  
  2ac561231ba80f987b7bf1f6c3fb2c3b
- SHA1
  
  9742aa5faeef8d90a116a5f86066acf72071ca26
- SHA256
  
  3b03d8ee3dc4406d7be3d995552965ad4b4b9f1f3d106580820ce3e1fa62b2ca
- SHA512
  
  4ea8a999b419472a3b4703535b4e6a3fe0a93de7bd44ef48dce11cf8d5bd7da8c72f585de9dad5534f270ff14f2ad5a16a5688498402cb1141d38a470fa34f50
- SSDEEP
  
  393216:r93WcIGlUHbn+WE2WQoCyJ8ZKNhNUNXaRdeX:53W7bE2WQoVVhNaXaza
Score

10^/10

rms discovery rat trojan upx
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsdiscoveryrattrojanupx

behavioral2

rmsdiscoveryrattrojanupx

© 2018-2024

Terms | Privacy