rms | 8c4a21abb710c7461e914ffaac2e0e0bd9f787ecea09c40eb6fcebee6c0b7459 | Triage

Submit
Reports

Overview

overview

Static

static

5

79b940cedb...2f.exe

windows7-x64

79b940cedb...2f.exe

windows10-2004-x64

Sharing

General

Target

79b940cedb20098990864f8f0a60372f.exe
Size

16.4MB
Sample

241012-st7zrsxdmc
MD5

79b940cedb20098990864f8f0a60372f
SHA1

b763fd1a3f54bcdaacd7ab6b51387e49834225a7
SHA256

8c4a21abb710c7461e914ffaac2e0e0bd9f787ecea09c40eb6fcebee6c0b7459
SHA512

e0ae344de6303b75c9c880a5d897d305f1e6ab3e3588ddf3f6ba21e1a229ad2b72765667fb6ce11be0c66f55fda942ea395f6970d4f0c23f90a9cdb6cdc601bd
SSDEEP

393216:DfdMgv/raPXH/rv6VxoaPDpZwoCoOEjDl+6:DFMg3sXfWVxowl+oCoOz6

Score

10^/10

rms discovery rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

79b940cedb20098990864f8f0a60372f.exe

Resource

win7-20241010-en

rms discovery rat trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

79b940cedb20098990864f8f0a60372f.exe

Resource

win10v2004-20241007-en

rms discovery rat trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  79b940cedb20098990864f8f0a60372f.exe
- Size
  
  16.4MB
- MD5
  
  79b940cedb20098990864f8f0a60372f
- SHA1
  
  b763fd1a3f54bcdaacd7ab6b51387e49834225a7
- SHA256
  
  8c4a21abb710c7461e914ffaac2e0e0bd9f787ecea09c40eb6fcebee6c0b7459
- SHA512
  
  e0ae344de6303b75c9c880a5d897d305f1e6ab3e3588ddf3f6ba21e1a229ad2b72765667fb6ce11be0c66f55fda942ea395f6970d4f0c23f90a9cdb6cdc601bd
- SSDEEP
  
  393216:DfdMgv/raPXH/rv6VxoaPDpZwoCoOEjDl+6:DFMg3sXfWVxowl+oCoOz6
Score

10^/10

rms discovery rat trojan upx
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsdiscoveryrattrojanupx

behavioral2

rmsdiscoveryrattrojanupx

© 2018-2024

Terms | Privacy