cdc887bb5bff153dcff3330f0fbb9bdf.exe

General
Target

cdc887bb5bff153dcff3330f0fbb9bdf.exe

Size

100KB

Sample

201227-yzvphwjjge

Score
10 /10
MD5

cdc887bb5bff153dcff3330f0fbb9bdf

SHA1

1465f62b20e495cf9a12bc4faac5246cc0c2db3b

SHA256

0175a29f801ef7a555c3d20744a5fa5336604d420d8ffe98bb5723744d1a82cd

SHA512

30f5a6dbed556ebd99fd339222012e5f7d401486995147b68b63490244c4d20cf11ad1588d159f8e23807125ecd2383e9228a3a69dc553741a67eda508ddabe7

Malware Config
Targets
Target

cdc887bb5bff153dcff3330f0fbb9bdf.exe

MD5

cdc887bb5bff153dcff3330f0fbb9bdf

Filesize

100KB

Score
10 /10
SHA1

1465f62b20e495cf9a12bc4faac5246cc0c2db3b

SHA256

0175a29f801ef7a555c3d20744a5fa5336604d420d8ffe98bb5723744d1a82cd

SHA512

30f5a6dbed556ebd99fd339222012e5f7d401486995147b68b63490244c4d20cf11ad1588d159f8e23807125ecd2383e9228a3a69dc553741a67eda508ddabe7

Tags

Signatures

  • RunningRat

    Description

    RunningRat is a remote access trojan first seen in 2018.

    Tags

  • Executes dropped EXE

  • Sets DLL path for service in the registry

    Tags

    TTPs

    Registry Run Keys / Startup Folder Modify Registry
  • Deletes itself

  • Loads dropped DLL

  • Drops file in System32 directory

  • Enumerates physical storage devices

    Description

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

    TTPs

    System Information Discovery

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Privilege Escalation
                    Tasks

                    static1

                    10/10

                    behavioral1

                    10/10

                    behavioral2

                    10/10