rms | cd072d072df3c9feb5cf7365b1c88ec1b94cc1dfb5ef29c8eb5e37f6ca20037f | Triage

Submit
Reports

Overview

overview

Static

static

3

a9bc726ed0...18.exe

windows7-x64

a9bc726ed0...18.exe

windows10-2004-x64

Sharing

General

Target

a9bc726ed086972998ec04883f82c0cd_JaffaCakes118
Size

7.3MB
Sample

241127-1fth8axnhp
MD5

a9bc726ed086972998ec04883f82c0cd
SHA1

8e479f378d7e20a0eb39d82044a3a5f528aab5c6
SHA256

cd072d072df3c9feb5cf7365b1c88ec1b94cc1dfb5ef29c8eb5e37f6ca20037f
SHA512

6431178a072106cc34d7e9641f31213c543b7084deba00a731368890ddc9c041961d0c06a4d933656072a686e15beec1d62877926f7cbf1d653ecb7e051eb8ef
SSDEEP

196608:fJs8lp9+5ckLl4M4FluxtBB8p5ATnxZya:fLp9Xm5/xF8pqd

Score

10^/10

rms discovery rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a9bc726ed086972998ec04883f82c0cd_JaffaCakes118.exe

Resource

win7-20240903-en

rms discovery rat trojan

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

a9bc726ed086972998ec04883f82c0cd_JaffaCakes118.exe

Resource

win10v2004-20241007-en

rms discovery rat trojan

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  a9bc726ed086972998ec04883f82c0cd_JaffaCakes118
- Size
  
  7.3MB
- MD5
  
  a9bc726ed086972998ec04883f82c0cd
- SHA1
  
  8e479f378d7e20a0eb39d82044a3a5f528aab5c6
- SHA256
  
  cd072d072df3c9feb5cf7365b1c88ec1b94cc1dfb5ef29c8eb5e37f6ca20037f
- SHA512
  
  6431178a072106cc34d7e9641f31213c543b7084deba00a731368890ddc9c041961d0c06a4d933656072a686e15beec1d62877926f7cbf1d653ecb7e051eb8ef
- SSDEEP
  
  196608:fJs8lp9+5ckLl4M4FluxtBB8p5ATnxZya:fLp9Xm5/xF8pqd
Score

10^/10

rms discovery rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Rms family
  rms
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsdiscoveryrattrojan

behavioral2

rmsdiscoveryrattrojan

© 2018-2024

Terms | Privacy