runningrat | 0175a29f801ef7a555c3d20744a5fa5336604d420d8ffe98bb5723744d1a82cd | Triage

Submit
Reports

Overview

overview

Static

static

cdc887bb5b...df.exe

windows7_x64

cdc887bb5b...df.exe

windows10_x64

Sharing

General

Target

cdc887bb5bff153dcff3330f0fbb9bdf.exe
Size

100KB
Sample

201227-yzvphwjjge
MD5

cdc887bb5bff153dcff3330f0fbb9bdf
SHA1

1465f62b20e495cf9a12bc4faac5246cc0c2db3b
SHA256

0175a29f801ef7a555c3d20744a5fa5336604d420d8ffe98bb5723744d1a82cd
SHA512

30f5a6dbed556ebd99fd339222012e5f7d401486995147b68b63490244c4d20cf11ad1588d159f8e23807125ecd2383e9228a3a69dc553741a67eda508ddabe7

Score

10^/10

runningrat persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

cdc887bb5bff153dcff3330f0fbb9bdf.exe

Resource

win7v20201028

runningrat persistence rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

cdc887bb5bff153dcff3330f0fbb9bdf.exe

Resource

win10v20201028

runningrat persistence rat

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  cdc887bb5bff153dcff3330f0fbb9bdf.exe
- Size
  
  100KB
- MD5
  
  cdc887bb5bff153dcff3330f0fbb9bdf
- SHA1
  
  1465f62b20e495cf9a12bc4faac5246cc0c2db3b
- SHA256
  
  0175a29f801ef7a555c3d20744a5fa5336604d420d8ffe98bb5723744d1a82cd
- SHA512
  
  30f5a6dbed556ebd99fd339222012e5f7d401486995147b68b63490244c4d20cf11ad1588d159f8e23807125ecd2383e9228a3a69dc553741a67eda508ddabe7
Score

10^/10

runningrat persistence rat
- RunningRat
  RunningRat is a remote access trojan first seen in 2018.
  rat runningrat
- Executes dropped EXE
- Sets DLL path for service in the registry
  persistence
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

runningratpersistencerat

behavioral2

runningratpersistencerat

© 2018-2024

Terms | Privacy