rms

General

Target

779c245a7df052facc1af2138f6618b0c6adb8039b81aa4715bb1b800b02e052N.exe
Size

4.4MB
Sample

250323-s4yh3svyg1
MD5

c6f1bfd4ba89279e97cdc75ae2ed1510
SHA1

694cc750402bb79819fa6d465f664d27ce91661a
SHA256

779c245a7df052facc1af2138f6618b0c6adb8039b81aa4715bb1b800b02e052
SHA512

f407fca8556300a85e38205579752cc6d436e9ab34b6095bd51f6e844307dcede1a55e9de4d526441d21bf75640f398e41f7861311998d7a4e6f958d4ef9cae9
SSDEEP

98304:/4S1Gym+c3UILv5sUuGkz3RQ8Ke+OLFvMXhIHpxfsr:/4mG+ILvsGk9Q8tR9MXhy/sr

Score

10^/10

Malware Config

Targets

- Target
  
  779c245a7df052facc1af2138f6618b0c6adb8039b81aa4715bb1b800b02e052N.exe
- Size
  
  4.4MB
- MD5
  
  c6f1bfd4ba89279e97cdc75ae2ed1510
- SHA1
  
  694cc750402bb79819fa6d465f664d27ce91661a
- SHA256
  
  779c245a7df052facc1af2138f6618b0c6adb8039b81aa4715bb1b800b02e052
- SHA512
  
  f407fca8556300a85e38205579752cc6d436e9ab34b6095bd51f6e844307dcede1a55e9de4d526441d21bf75640f398e41f7861311998d7a4e6f958d4ef9cae9
- SSDEEP
  
  98304:/4S1Gym+c3UILv5sUuGkz3RQ8Ke+OLFvMXhIHpxfsr:/4mG+ILvsGk9Q8tR9MXhy/sr
Score

10^/10

rms aspackv2 discovery rat trojan upx
- RMS
  Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
  trojan rat rms
- Rms family
  rms
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Rms family

ACProtect 1.3x - 1.4x DLL software

ASPack v2.12-2.42

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2