General
-
Target
d6e428677d03e98845a2c84cb1e04ade.exe
-
Size
100KB
-
Sample
201225-mytsvdfp8x
-
MD5
d6e428677d03e98845a2c84cb1e04ade
-
SHA1
919abeb108f85e10cece90c349cea08043e307ca
-
SHA256
435a836a250603d3014f794b7123a5ed21d5481a4a86c10d669e8b1f71e9f113
-
SHA512
e0ebac44fd156eefd2861c908346baa900b45ee74c17bd11fc5ab903270d6817d5ffd87816c7ef510b70a3a964489108e33921d5409ab858d892abefff994e5c
Malware Config
Targets
-
-
Target
d6e428677d03e98845a2c84cb1e04ade.exe
-
Size
100KB
-
MD5
d6e428677d03e98845a2c84cb1e04ade
-
SHA1
919abeb108f85e10cece90c349cea08043e307ca
-
SHA256
435a836a250603d3014f794b7123a5ed21d5481a4a86c10d669e8b1f71e9f113
-
SHA512
e0ebac44fd156eefd2861c908346baa900b45ee74c17bd11fc5ab903270d6817d5ffd87816c7ef510b70a3a964489108e33921d5409ab858d892abefff994e5c
Score10/10-
RunningRat
RunningRat is a remote access trojan first seen in 2018.
-
Executes dropped EXE
-
Sets DLL path for service in the registry
-
Deletes itself
-
Loads dropped DLL
-
Drops file in System32 directory
-
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-