Analysis
-
max time kernel
116s -
max time network
149s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
07-11-2020 15:47
General
-
Target
tracking_details2.jar
-
Size
332KB
-
MD5
8fa5ec1d2c2e4af02168b9f544523f49
-
SHA1
bc65f27ca5c3b665e800dc07626bcd66604af7cb
-
SHA256
cd8b8bd578f20672dee0a5189d4869055784e9f23d4fcda28ceeaa25079be3a6
-
SHA512
89bffc7fdacf9821a2245b0985dda349c5ecea63563263a2050a40b33cf29d4b33d765595d91b7b66075bb3481e1ab15e114f7ccfae55eb512e16b96c295e664
Score
10/10
Malware Config
Signatures
-
Ratty
Ratty is an open source Java Remote Access Tool.
-
Ratty Rat Payload 1 IoCs
-
Drops startup file 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Modifies registry class 2 IoCs
-
Modifies registry key 1 TTPs 1 IoCs
-
Suspicious use of SetWindowsHookEx 40 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
-
Views/modifies file attributes 1 TTPs 2 IoCs
Processes
-
C:\ProgramData\Oracle\Java\javapath\java.exejava -jar C:\Users\Admin\AppData\Local\Temp\tracking_details2.jar1⤵
- Drops startup file
- Loads dropped DLL
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SYSTEM32\REG.exeREG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "tracking_details2.jar" /d "C:\Users\Admin\AppData\Roaming\tracking_details2.jar" /f2⤵
- Adds Run key to start application
- Modifies registry key
-
-
C:\Windows\SYSTEM32\attrib.exeattrib +H C:\Users\Admin\AppData\Roaming\tracking_details2.jar2⤵
- Views/modifies file attributes
-
-
C:\Windows\SYSTEM32\attrib.exeattrib +H C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tracking_details2.jar2⤵
- Views/modifies file attributes
-