General

  • Target

    th520.exe

  • Size

    96KB

  • Sample

    210211-b3vr83s2n2

  • MD5

    fbbc4c6ce85624e7c35ce3f5ca988bbe

  • SHA1

    346102549e0c1f9604266f8bda9f2fbd9ddf216b

  • SHA256

    31d5bcd2e4ecd330a56fbef1826e7201532311c9a57ee44352a746ea8271a778

  • SHA512

    c3fc14a7bbdedc1cfbda01d0e624d0ea6384427828c6cbff415bb2d5da5363d930a456e979f371f45835305f40d4b2a0a190c2355b624e042c4035ca6a067ded

Malware Config

Targets

    • Target

      th520.exe

    • Size

      96KB

    • MD5

      fbbc4c6ce85624e7c35ce3f5ca988bbe

    • SHA1

      346102549e0c1f9604266f8bda9f2fbd9ddf216b

    • SHA256

      31d5bcd2e4ecd330a56fbef1826e7201532311c9a57ee44352a746ea8271a778

    • SHA512

      c3fc14a7bbdedc1cfbda01d0e624d0ea6384427828c6cbff415bb2d5da5363d930a456e979f371f45835305f40d4b2a0a190c2355b624e042c4035ca6a067ded

    • RunningRat

      RunningRat is a remote access trojan first seen in 2018.

    • Executes dropped EXE

    • Sets DLL path for service in the registry

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks