runningrat | 2234ea0bb75f1f3c710c7797aeea4a3f785918deefa4afc2a64c6133599c1f2f | Triage

Submit
Reports

Overview

overview

Static

static

e093f552a8...6b.exe

windows7_x64

e093f552a8...6b.exe

windows10_x64

Resubmissions

19-01-2021 15:41

210119-zpzh2np4pe 10

22-12-2020 11:53

201222-tqrqtyb5ns 10

Sharing

General

Target

e093f552a8a99add2a43244771b47e6b.exe
Size

112KB
Sample

201222-tqrqtyb5ns
MD5

e093f552a8a99add2a43244771b47e6b
SHA1

8d53f7705aaf9f41e2eb519e9ed7e07acc260117
SHA256

2234ea0bb75f1f3c710c7797aeea4a3f785918deefa4afc2a64c6133599c1f2f
SHA512

59a0309f88e9c394544e23a6f85e0acc2f9f3bf6523cfc1ad864b885dae3b0430dc9f4ddc060ea7b524afc428abca64ab6ad56fb1e40d4bf93a1a8a2c861f50c

Score

10^/10

runningrat xmrig miner persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

e093f552a8a99add2a43244771b47e6b.exe

Resource

win7v20201028

runningrat persistence rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

e093f552a8a99add2a43244771b47e6b.exe

Resource

win10v20201028

runningrat xmrig miner persistence rat

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  e093f552a8a99add2a43244771b47e6b.exe
- Size
  
  112KB
- MD5
  
  e093f552a8a99add2a43244771b47e6b
- SHA1
  
  8d53f7705aaf9f41e2eb519e9ed7e07acc260117
- SHA256
  
  2234ea0bb75f1f3c710c7797aeea4a3f785918deefa4afc2a64c6133599c1f2f
- SHA512
  
  59a0309f88e9c394544e23a6f85e0acc2f9f3bf6523cfc1ad864b885dae3b0430dc9f4ddc060ea7b524afc428abca64ab6ad56fb1e40d4bf93a1a8a2c861f50c
Score

10^/10

runningrat persistence rat xmrig miner
- RunningRat
  RunningRat is a remote access trojan first seen in 2018.
  rat runningrat
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Executes dropped EXE
- Sets DLL path for service in the registry
  persistence
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

runningratpersistencerat

behavioral2

runningratxmrigminerpersistencerat

© 2018-2024

Terms | Privacy