General

  • Target

    ratty.zip

  • Size

    328KB

  • Sample

    200924-zxrhe9ncan

  • MD5

    deabdb3df856aa6ef1bfeb95c5d4cdf0

  • SHA1

    73adea0a6a11f1f6f0835cf4200dab4d4e79e8ae

  • SHA256

    c3b91b018296ca1c8a25133e0dd736b66897afabf4e14563e0b3edd6df9247d9

  • SHA512

    68e1da367518a685250e7f5085ef39a2d685e65235d4f3bf1cad57fba10e364248d6744fe51556479ff2917a36e4ec6e7946cb26d0b5361c05188c37023c9ecc

Targets

    • Target

      run.bat

    • Size

      75B

    • MD5

      39cbbc9df4cd77e7645fcce24d3cfaf5

    • SHA1

      a4958cdc6d0d945e776413e8207a8f3e3031d0b3

    • SHA256

      8d4e094bce9d659b9783ed6eab5194631d62b5cf686d7451dfdab599e20cb04e

    • SHA512

      4f422ad30eb46afe1e02c9d2ea207dc278093c07da0f5f1f20a42471dd7257391d9d483fe6a8773338d84e3e90d77bbf82031d57b977e7c1321f69cf176e7685

    • Ratty

      Ratty is an open source Java Remote Access Tool.

    • Ratty Rat Payload

    • Detect jar appended to MSI

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application
