runningrat | 9b1367b0da26125af6946a108e9e657c373ad4e25be8e9a9eaa3a29adf6c95d9 | Triage

Submit
Reports

Overview

overview

Static

static

08d49d88c7...44.exe

windows7_x64

08d49d88c7...44.exe

windows10_x64

Sharing

General

Target

08d49d88c70b139a00f9eb87de734644.exe
Size

100KB
Sample

201227-3993hhxgh6
MD5

08d49d88c70b139a00f9eb87de734644
SHA1

1624a339f5bdfd5f166c211b5d4f06ab489cd406
SHA256

9b1367b0da26125af6946a108e9e657c373ad4e25be8e9a9eaa3a29adf6c95d9
SHA512

ae06bff8cd9f6d8a0cd07da540122d6bfb26c7061c7a2f3d6d1cf5b547ee73e67a321ac6600016e5c2ae3c8c599533442930454f8ac180696fd6ce5f9b0e7cb4

Score

10^/10

runningrat persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

08d49d88c70b139a00f9eb87de734644.exe

Resource

win7v20201028

runningrat persistence rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

08d49d88c70b139a00f9eb87de734644.exe

Resource

win10v20201028

runningrat persistence rat

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  08d49d88c70b139a00f9eb87de734644.exe
- Size
  
  100KB
- MD5
  
  08d49d88c70b139a00f9eb87de734644
- SHA1
  
  1624a339f5bdfd5f166c211b5d4f06ab489cd406
- SHA256
  
  9b1367b0da26125af6946a108e9e657c373ad4e25be8e9a9eaa3a29adf6c95d9
- SHA512
  
  ae06bff8cd9f6d8a0cd07da540122d6bfb26c7061c7a2f3d6d1cf5b547ee73e67a321ac6600016e5c2ae3c8c599533442930454f8ac180696fd6ce5f9b0e7cb4
Score

10^/10

runningrat persistence rat
- RunningRat
  RunningRat is a remote access trojan first seen in 2018.
  rat runningrat
- Executes dropped EXE
- Sets DLL path for service in the registry
  persistence
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

runningratpersistencerat

behavioral2

runningratpersistencerat

© 2018-2024

Terms | Privacy