runningrat | 31d5bcd2e4ecd330a56fbef1826e7201532311c9a57ee44352a746ea8271a778 | Triage

Submit
Reports

Overview

overview

Static

static

th520.exe

windows7_x64

th520.exe

windows10_x64

Sharing

General

Target

th520.exe
Size

96KB
Sample

210211-b3vr83s2n2
MD5

fbbc4c6ce85624e7c35ce3f5ca988bbe
SHA1

346102549e0c1f9604266f8bda9f2fbd9ddf216b
SHA256

31d5bcd2e4ecd330a56fbef1826e7201532311c9a57ee44352a746ea8271a778
SHA512

c3fc14a7bbdedc1cfbda01d0e624d0ea6384427828c6cbff415bb2d5da5363d930a456e979f371f45835305f40d4b2a0a190c2355b624e042c4035ca6a067ded

Score

10^/10

runningrat persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

th520.exe

Resource

win7v20201028

runningrat persistence rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

th520.exe

Resource

win10v20201028

runningrat persistence rat

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  th520.exe
- Size
  
  96KB
- MD5
  
  fbbc4c6ce85624e7c35ce3f5ca988bbe
- SHA1
  
  346102549e0c1f9604266f8bda9f2fbd9ddf216b
- SHA256
  
  31d5bcd2e4ecd330a56fbef1826e7201532311c9a57ee44352a746ea8271a778
- SHA512
  
  c3fc14a7bbdedc1cfbda01d0e624d0ea6384427828c6cbff415bb2d5da5363d930a456e979f371f45835305f40d4b2a0a190c2355b624e042c4035ca6a067ded
Score

10^/10

runningrat persistence rat
- RunningRat
  RunningRat is a remote access trojan first seen in 2018.
  rat runningrat
- Executes dropped EXE
- Sets DLL path for service in the registry
  persistence
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

runningratpersistencerat

behavioral2

runningratpersistencerat

© 2018-2024

Terms | Privacy