Overview

overview

10

Static

static

PO-21789669S_pdf.jar

windows7_x64

10

PO-21789669S_pdf.jar

windows10_x64

10

Resubmissions

18-03-2021 12:49

210318-jnzrn1g6vn 10

18-03-2021 06:52

210318-sms8q2jx42 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PO-21789669S_pdf.jar

  • Size

    413KB

  • Sample

    210318-sms8q2jx42

  • MD5

    911cffcd1c80092af37c72fd11fccdb6

  • SHA1

    bb3658b53f4d772aa326d9b1edf0d4f403654517

  • SHA256

    b30f5e7c8deb0e93f46c98dd559df30ab6b585a340fe72a8f512adfdacb95eb9

  • SHA512

    152affd097aa47e01e02bf0e154e9068ebec732676e56fe70daa13c94b56f455feceda04926b5b5c369997bf887fddb7f0e47e40cb42efe109dc563c17ff89fd

Score
10/10
rattypersistencerattrojan

Malware Config

Targets

    • Target

      PO-21789669S_pdf.jar

    • Size

      413KB

    • MD5

      911cffcd1c80092af37c72fd11fccdb6

    • SHA1

      bb3658b53f4d772aa326d9b1edf0d4f403654517

    • SHA256

      b30f5e7c8deb0e93f46c98dd559df30ab6b585a340fe72a8f512adfdacb95eb9

    • SHA512

      152affd097aa47e01e02bf0e154e9068ebec732676e56fe70daa13c94b56f455feceda04926b5b5c369997bf887fddb7f0e47e40cb42efe109dc563c17ff89fd

    Score
    10/10
    rattyrattrojanpersistence

    • Ratty

      Ratty is an open source Java Remote Access Tool.

      trojanratratty

    • Ratty Rat Payload

    • Detect jar appended to MSI

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks