rms | 75d36fc4f14630cd347bce7e8fcf951b42bf47a7fc1e33af4a5ec7b2ec867a71 | Triage

Sharing

General

Target

85c0615ae667f2f1393cf2fcf91da146_JaffaCakes118
Size

1.9MB
Sample

241102-q3n7xavphy
MD5

85c0615ae667f2f1393cf2fcf91da146
SHA1

a6bc444bb36a46b4d4947b921679a8c30a31c20f
SHA256

75d36fc4f14630cd347bce7e8fcf951b42bf47a7fc1e33af4a5ec7b2ec867a71
SHA512

6d4ae8e6672c9b3ccbeebb5938d8de309bef59569f9307348194bbdd005cffba9b395f1e68b90f18d7a4b20af08c25a9d7940ad974943d05085e71419b3d8bf8
SSDEEP

49152:HeEXM8IDIF7s/LebeLdLrKJCmiVYfimgfHUQMUG1c:Hk80I+/GeFKC5Camgft/gc

Score

10^/10

rms discovery rat trojan upx

Malware Config

Targets

- Target
  
  111.exe
- Size
  
  21KB
- MD5
  
  82427df03213df677115af3d9bc8d134
- SHA1
  
  f2870bd0ebba0d5bf4b8b06099047cdbfb5254b3
- SHA256
  
  8433cab0e54e801a2be34fb149acf6bf8b87a60828eefe47af05edff762fe586
- SHA512
  
  3141435c43fe6dc7f76786455d8daa8af2e99a56936cab76cbfbd867ef77fdb2999a32f7d73213a513bb1ee5a5a2192d52f5163750647c5386d2ddabdaad1fa3
- SSDEEP
  
  384:UIiV728hUQ7Y2P/cVEccDdye7kjlWLe7grPiA8jyrMPhTjanbBoZKqaNJawcudoq:URGuY2P0Vo6r7SiAwyrMRjbMnbcuyD7h
Score

10^/10

rms discovery rat trojan upx
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Rms family
  rms
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  Word/HookDrv.dll
- Size
  
  174KB
- MD5
  
  895d68b21984db50bfbffc88d289f5da
- SHA1
  
  2cc6625e1fcdeac9dceb6a0f381f52ba574365a8
- SHA256
  
  d3b6c19376b95cb9501181b42b7cbebd44b994d9652ef5fc103eec0d747b8e7d
- SHA512
  
  7d4d78b985c13fcd3ea835db7eab5373881257830e2f3f8cac3efc22b1e6d38ac99d1245539cf286beb6f67f077bb2582980c9f7c4250fd8546ff65edabcd68b
- SSDEEP
  
  3072:Y8+9FgejNovgJXghWCM80R8Kmn6vXnV4u888888888888W888888888887:Y8+zBovmR8KZz888888888888W88888P
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Word/RManFUSClient.exe
- Size
  
  2.5MB
- MD5
  
  eab8cb5fef7a716886ae19877c80d52e
- SHA1
  
  6cef2260d2fb047c69ab2afa1a9f5d8c75715f4b
- SHA256
  
  8f167e5ba3536b6bb20de8168709a469c9d440e6ce9ad80915479a20e8bd53fb
- SHA512
  
  e4b2734c8b811ac1035e24d8a336e58726b3ffe984aa13fbcfe703716f8ccf1ca798a08850951934e7d98c14ec201a4abf12a7248789f744423ca7860ddb2d3e
- SSDEEP
  
  49152:mOjOHAqSdSQfZZck2c6pgcqYOHNTBLupHc+w:upOT
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Word/RManServer.exe
- Size
  
  3.0MB
- MD5
  
  236fa5ee0c58372b51336a917fac7c4a
- SHA1
  
  67d371b2d0eee3f1b5af362cde5732bc42cef3cc
- SHA256
  
  c9abbef03faec7cf2b8ea364a20c38f56054c1ee6d42f648f71111ae4165cb02
- SHA512
  
  199e8f9ff9d6108090a0505001fab88cdc25399b3b2f95a06ef5003a7f120a578351f135e67949ae035d9d9b1336affa99608c0c14dbb3f94bcd1ca3dcd62188
- SSDEEP
  
  49152:09uBzsNcZSpHESjdRjuPRcSurl5hn/ZmDThTuW8Q1:euScxFurl5hn/0Y
Score

10^/10

rms discovery rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Rms family
  rms
behavioral7 behavioral8
- Target
  
  blat.dll
- Size
  
  120KB
- MD5
  
  724cae63522f6e5f7565a3bf4b2a719b
- SHA1
  
  18620dbd4357d85918070f669ff4b61755290757
- SHA256
  
  b87814eaf1cd5268e797f1119b58e3fd79381af3f530be9a90993198cbce1779
- SHA512
  
  af68749cadf9920a8bed455a2557b1faf475d30fdd62f45da6757fbc5a59341fffeccca4ff646b334da95cf673deeeea74bdbb27a16f510a4e3309055f89817d
- SSDEEP
  
  3072:tN3YqC7ZpufmsbSB0RaZCdLkMzdTv/3qq1iica:tN3Yq4ZpAPeB0fkMzgGHh
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  blat.exe
- Size
  
  112KB
- MD5
  
  31f84e433e8d1865e322998a41e6d90e
- SHA1
  
  cbea6cda10db869636f57b1cffad39b22e6f7f17
- SHA256
  
  aeca4a77d617da84296b5f857b2821333fe4b9663e8df74ef5a25a7882693e5e
- SHA512
  
  7ae504723b5b140e45af3163d1bfdc5ee0497debafba07cfbf1d2c15147c000be53f4ac8d36d926ed11cf0bb62e9e72f9bcf5d4caf92aa732d942f55834e2be9
- SSDEEP
  
  3072:ag5DTZCatGyIMzdze3BO+ggUFLVRM8uTv/3hH4:zDTZCatGyI+dze3BNgpVRM8+H
Score

3^/10

discovery
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsdiscoveryrattrojanupx

behavioral2

rmsdiscoveryrattrojanupx

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

rmsdiscoveryrattrojan

behavioral8

rmsdiscoveryrattrojan

behavioral9

behavioral10

behavioral11

behavioral12