fattura.jar

General
Target

fattura.jar

Size

221KB

Sample

200710-ybcpwfddrn

Score
10 /10
MD5

4ebaf0ed00b6136fe1e4273508d855fa

SHA1

a3e6b82b95500b8eda4ab37a8f3865d47af3c7ad

SHA256

be32a4b1ba9b1ac7803eac01ca4a38f96770ad27d2d434794809ba3242182b0d

SHA512

80c243457a0b879b0cd2484837357326593131207e200f93cd4f40a2ce5dd4c8e5590c6f67638b7942c1ca6634abc637fa9658b81791116419960deb349f49c3

Malware Config
Targets
Target

fattura.jar

MD5

4ebaf0ed00b6136fe1e4273508d855fa

Filesize

221KB

Score
10 /10
SHA1

a3e6b82b95500b8eda4ab37a8f3865d47af3c7ad

SHA256

be32a4b1ba9b1ac7803eac01ca4a38f96770ad27d2d434794809ba3242182b0d

SHA512

80c243457a0b879b0cd2484837357326593131207e200f93cd4f40a2ce5dd4c8e5590c6f67638b7942c1ca6634abc637fa9658b81791116419960deb349f49c3

Tags

Signatures

  • Ratty

    Description

    Ratty is an open source Java Remote Access Tool.

    Tags

  • Ratty Rat Payload

  • WSHRAT

    Description

    WSHRAT is a variant of Houdini worm and has vbs and js variants.

    Tags

  • Blacklisted process makes network request

  • Drops startup file

  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup Folder Modify Registry

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Discovery
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Privilege Escalation
                      Tasks

                      static1