runningrat | ef03a58568ec094636fe33261e1fafbb6aa77125be68c3615da4823abba198d8 | Triage

Submit
Reports

Overview

overview

Static

static

af9faa36df...36.exe

windows7_x64

af9faa36df...36.exe

windows10_x64

Sharing

General

Target

af9faa36dfa99d285a266bc0f11d6436.exe
Size

100KB
Sample

201226-wcd7ymx7qa
MD5

af9faa36dfa99d285a266bc0f11d6436
SHA1

78cdd663c8a7fafdedf787aa56ada343dae051ce
SHA256

ef03a58568ec094636fe33261e1fafbb6aa77125be68c3615da4823abba198d8
SHA512

ed8a80b6994f6dc4702de6568b84e9fc7b344e00dddfd4def847dcbb852ef8b295a3979aae20e5601c302ef5af180d095600e791ba95bf973ed24e854edab304

Score

10^/10

runningrat persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

af9faa36dfa99d285a266bc0f11d6436.exe

Resource

win7v20201028

runningrat persistence rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

af9faa36dfa99d285a266bc0f11d6436.exe

Resource

win10v20201028

runningrat persistence rat

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  af9faa36dfa99d285a266bc0f11d6436.exe
- Size
  
  100KB
- MD5
  
  af9faa36dfa99d285a266bc0f11d6436
- SHA1
  
  78cdd663c8a7fafdedf787aa56ada343dae051ce
- SHA256
  
  ef03a58568ec094636fe33261e1fafbb6aa77125be68c3615da4823abba198d8
- SHA512
  
  ed8a80b6994f6dc4702de6568b84e9fc7b344e00dddfd4def847dcbb852ef8b295a3979aae20e5601c302ef5af180d095600e791ba95bf973ed24e854edab304
Score

10^/10

runningrat persistence rat
- RunningRat
  RunningRat is a remote access trojan first seen in 2018.
  rat runningrat
- Executes dropped EXE
- Sets DLL path for service in the registry
  persistence
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

runningratpersistencerat

behavioral2

runningratpersistencerat

© 2018-2024

Terms | Privacy