rms | 5158d871a7011e31c681f26a98d2b4215037261563500117875e4540c66f8706 | Triage

Submit
Reports

Overview

overview

Static

static

3

5158d871a7...6N.exe

windows7-x64

5158d871a7...6N.exe

windows10-2004-x64

Sharing

General

Target

5158d871a7011e31c681f26a98d2b4215037261563500117875e4540c66f8706N
Size

2.3MB
Sample

241026-getm2sylbz
MD5

634b9b275dc6beaae17b4bdebcea8080
SHA1

45158df97c438217892133074f1ddbb10f119e30
SHA256

5158d871a7011e31c681f26a98d2b4215037261563500117875e4540c66f8706
SHA512

824f2ac9a9776c7fafba819fc6c16b08decac478673b7cae422daf812581d6642bc7bd2a048eb37250d8b702dc6b12087509148d76f565adb5828e3037217281
SSDEEP

49152:pAI+jA+6K5XPE/KaP7B6enfDhiO9djGmYQIubnx7TlUVKodrK:pAI+M+6KFIpnf0CFY8bnxnVUrK

Score

10^/10

rms discovery rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5158d871a7011e31c681f26a98d2b4215037261563500117875e4540c66f8706N.exe

Resource

win7-20240903-en

rms discovery rat trojan

windows7-x64

13 signatures

120 seconds

Behavioral task

behavioral2

Sample

5158d871a7011e31c681f26a98d2b4215037261563500117875e4540c66f8706N.exe

Resource

win10v2004-20241007-en

rms discovery rat trojan

windows10-2004-x64

13 signatures

120 seconds

Malware Config

Targets

- Target
  
  5158d871a7011e31c681f26a98d2b4215037261563500117875e4540c66f8706N
- Size
  
  2.3MB
- MD5
  
  634b9b275dc6beaae17b4bdebcea8080
- SHA1
  
  45158df97c438217892133074f1ddbb10f119e30
- SHA256
  
  5158d871a7011e31c681f26a98d2b4215037261563500117875e4540c66f8706
- SHA512
  
  824f2ac9a9776c7fafba819fc6c16b08decac478673b7cae422daf812581d6642bc7bd2a048eb37250d8b702dc6b12087509148d76f565adb5828e3037217281
- SSDEEP
  
  49152:pAI+jA+6K5XPE/KaP7B6enfDhiO9djGmYQIubnx7TlUVKodrK:pAI+M+6KFIpnf0CFY8bnxnVUrK
Score

10^/10

rms discovery rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Rms family
  rms
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsdiscoveryrattrojan

behavioral2

rmsdiscoveryrattrojan

© 2018-2025

Terms | Privacy