runningrat | 435a836a250603d3014f794b7123a5ed21d5481a4a86c10d669e8b1f71e9f113 | Triage

Submit
Reports

Overview

overview

Static

static

d6e428677d...de.exe

windows7_x64

d6e428677d...de.exe

windows10_x64

Sharing

General

Target

d6e428677d03e98845a2c84cb1e04ade.exe
Size

100KB
Sample

201225-mytsvdfp8x
MD5

d6e428677d03e98845a2c84cb1e04ade
SHA1

919abeb108f85e10cece90c349cea08043e307ca
SHA256

435a836a250603d3014f794b7123a5ed21d5481a4a86c10d669e8b1f71e9f113
SHA512

e0ebac44fd156eefd2861c908346baa900b45ee74c17bd11fc5ab903270d6817d5ffd87816c7ef510b70a3a964489108e33921d5409ab858d892abefff994e5c

Score

10^/10

runningrat persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

d6e428677d03e98845a2c84cb1e04ade.exe

Resource

win7v20201028

runningrat persistence rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

d6e428677d03e98845a2c84cb1e04ade.exe

Resource

win10v20201028

runningrat persistence rat

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  d6e428677d03e98845a2c84cb1e04ade.exe
- Size
  
  100KB
- MD5
  
  d6e428677d03e98845a2c84cb1e04ade
- SHA1
  
  919abeb108f85e10cece90c349cea08043e307ca
- SHA256
  
  435a836a250603d3014f794b7123a5ed21d5481a4a86c10d669e8b1f71e9f113
- SHA512
  
  e0ebac44fd156eefd2861c908346baa900b45ee74c17bd11fc5ab903270d6817d5ffd87816c7ef510b70a3a964489108e33921d5409ab858d892abefff994e5c
Score

10^/10

runningrat persistence rat
- RunningRat
  RunningRat is a remote access trojan first seen in 2018.
  rat runningrat
- Executes dropped EXE
- Sets DLL path for service in the registry
  persistence
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

runningratpersistencerat

behavioral2

runningratpersistencerat

© 2018-2024

Terms | Privacy