rms | 05f4047700fb850cdf850a56d06fa5cbe8b8958315902b82b1b588e8d36f2994 | Triage

Sharing

General

Target

c-programdata-smtool-476525fc-0426-4be5-bd03-484654a13492-mseserv-exe
Size

12.4MB
Sample

250204-spn14azldt
MD5

6c6ea2a32ef881c510cb4a45010fe4e6
SHA1

972b1b2c765522cd59837cf231debc6e8d82dbfb
SHA256

05f4047700fb850cdf850a56d06fa5cbe8b8958315902b82b1b588e8d36f2994
SHA512

49fc108f0e70519139e43a2b47c0bd9b2a5dcd751049c37a8872a47afa52261fc02fcab1a83a26ec11fe3b003ee3412586963d6ad26e620b6cc3aff2522131c7
SSDEEP

98304:v6OwlI2RKvm132+y6gu70DNGyTuM+62wkYePy45mZGXuI+3ZYOx50RNtf:96fRKvm13Tyw0DNw7mZG/+Jvx5uf

Score

10^/10

rms discovery rat trojan

Malware Config

Targets

- Target
  
  c-programdata-smtool-476525fc-0426-4be5-bd03-484654a13492-mseserv-exe
- Size
  
  12.4MB
- MD5
  
  6c6ea2a32ef881c510cb4a45010fe4e6
- SHA1
  
  972b1b2c765522cd59837cf231debc6e8d82dbfb
- SHA256
  
  05f4047700fb850cdf850a56d06fa5cbe8b8958315902b82b1b588e8d36f2994
- SHA512
  
  49fc108f0e70519139e43a2b47c0bd9b2a5dcd751049c37a8872a47afa52261fc02fcab1a83a26ec11fe3b003ee3412586963d6ad26e620b6cc3aff2522131c7
- SSDEEP
  
  98304:v6OwlI2RKvm132+y6gu70DNGyTuM+62wkYePy45mZGXuI+3ZYOx50RNtf:96fRKvm13Tyw0DNw7mZG/+Jvx5uf
Score

10^/10

rms discovery rat trojan
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Rms family
  rms
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rmsdiscoveryrattrojan

behavioral2

rmsdiscoveryrattrojan