af9faa36dfa99d285a266bc0f11d6436.exe

General
Target

af9faa36dfa99d285a266bc0f11d6436.exe

Size

100KB

Sample

201226-wcd7ymx7qa

Score
10 /10
MD5

af9faa36dfa99d285a266bc0f11d6436

SHA1

78cdd663c8a7fafdedf787aa56ada343dae051ce

SHA256

ef03a58568ec094636fe33261e1fafbb6aa77125be68c3615da4823abba198d8

SHA512

ed8a80b6994f6dc4702de6568b84e9fc7b344e00dddfd4def847dcbb852ef8b295a3979aae20e5601c302ef5af180d095600e791ba95bf973ed24e854edab304

Malware Config
Targets
Target

af9faa36dfa99d285a266bc0f11d6436.exe

MD5

af9faa36dfa99d285a266bc0f11d6436

Filesize

100KB

Score
10 /10
SHA1

78cdd663c8a7fafdedf787aa56ada343dae051ce

SHA256

ef03a58568ec094636fe33261e1fafbb6aa77125be68c3615da4823abba198d8

SHA512

ed8a80b6994f6dc4702de6568b84e9fc7b344e00dddfd4def847dcbb852ef8b295a3979aae20e5601c302ef5af180d095600e791ba95bf973ed24e854edab304

Tags

Signatures

  • RunningRat

    Description

    RunningRat is a remote access trojan first seen in 2018.

    Tags

  • Executes dropped EXE

  • Sets DLL path for service in the registry

    Tags

    TTPs

    Registry Run Keys / Startup Folder Modify Registry
  • Deletes itself

  • Loads dropped DLL

  • Drops file in System32 directory

  • Enumerates physical storage devices

    Description

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

    TTPs

    System Information Discovery

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Privilege Escalation
                    Tasks

                    static1

                    10/10

                    behavioral1

                    10/10

                    behavioral2

                    10/10