th520.exe

General
Target

th520.exe

Size

96KB

Sample

210211-b3vr83s2n2

Score
10 /10
MD5

fbbc4c6ce85624e7c35ce3f5ca988bbe

SHA1

346102549e0c1f9604266f8bda9f2fbd9ddf216b

SHA256

31d5bcd2e4ecd330a56fbef1826e7201532311c9a57ee44352a746ea8271a778

SHA512

c3fc14a7bbdedc1cfbda01d0e624d0ea6384427828c6cbff415bb2d5da5363d930a456e979f371f45835305f40d4b2a0a190c2355b624e042c4035ca6a067ded

Malware Config
Targets
Target

th520.exe

MD5

fbbc4c6ce85624e7c35ce3f5ca988bbe

Filesize

96KB

Score
10 /10
SHA1

346102549e0c1f9604266f8bda9f2fbd9ddf216b

SHA256

31d5bcd2e4ecd330a56fbef1826e7201532311c9a57ee44352a746ea8271a778

SHA512

c3fc14a7bbdedc1cfbda01d0e624d0ea6384427828c6cbff415bb2d5da5363d930a456e979f371f45835305f40d4b2a0a190c2355b624e042c4035ca6a067ded

Tags

Signatures

  • RunningRat

    Description

    RunningRat is a remote access trojan first seen in 2018.

    Tags

  • Executes dropped EXE

  • Sets DLL path for service in the registry

    Tags

    TTPs

    Registry Run Keys / Startup Folder Modify Registry
  • Loads dropped DLL

  • Drops file in System32 directory

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Discovery
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Privilege Escalation
                      Tasks

                      static1

                      10/10

                      behavioral1

                      10/10

                      behavioral2

                      10/10