d6e428677d03e98845a2c84cb1e04ade.exe

General
Target

d6e428677d03e98845a2c84cb1e04ade.exe

Size

100KB

Sample

201225-mytsvdfp8x

Score
10 /10
MD5

d6e428677d03e98845a2c84cb1e04ade

SHA1

919abeb108f85e10cece90c349cea08043e307ca

SHA256

435a836a250603d3014f794b7123a5ed21d5481a4a86c10d669e8b1f71e9f113

SHA512

e0ebac44fd156eefd2861c908346baa900b45ee74c17bd11fc5ab903270d6817d5ffd87816c7ef510b70a3a964489108e33921d5409ab858d892abefff994e5c

Malware Config
Targets
Target

d6e428677d03e98845a2c84cb1e04ade.exe

MD5

d6e428677d03e98845a2c84cb1e04ade

Filesize

100KB

Score
10 /10
SHA1

919abeb108f85e10cece90c349cea08043e307ca

SHA256

435a836a250603d3014f794b7123a5ed21d5481a4a86c10d669e8b1f71e9f113

SHA512

e0ebac44fd156eefd2861c908346baa900b45ee74c17bd11fc5ab903270d6817d5ffd87816c7ef510b70a3a964489108e33921d5409ab858d892abefff994e5c

Tags

Signatures

  • RunningRat

    Description

    RunningRat is a remote access trojan first seen in 2018.

    Tags

  • Executes dropped EXE

  • Sets DLL path for service in the registry

    Tags

    TTPs

    Registry Run Keys / Startup Folder Modify Registry
  • Deletes itself

  • Loads dropped DLL

  • Drops file in System32 directory

  • Enumerates physical storage devices

    Description

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

    TTPs

    System Information Discovery

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Privilege Escalation
                    Tasks

                    static1

                    10/10

                    behavioral1

                    10/10

                    behavioral2

                    10/10