General

  • Target

    Job detail description.zip

  • Size

    20.0MB

  • Sample

    210504-3111d5tege

  • MD5

    dc01665b55d05b581cbc63d13b284325

  • SHA1

    b4fbf33eb1be6dabf385b4dca9e01cfde72b564a

  • SHA256

    e4d2e9ce7acde7aedc23da6e40ce3308bea58e698a63159364d971da3d5ca07b

  • SHA512

    f1a366e1ffcadb7af487b179684a819562163a5364f94ffd14851fd2b5e4f025cf1aa2bd383765a534484974dd38b5b010d2992e65569bf779fe6c91c0d551cb

Malware Config

Targets

    • Target

      Job detail description.scr

    • Size

      20.4MB

    • MD5

      7715553038a37ed152655ae9e776470b

    • SHA1

      6f952eaa01c96af03beb21dfb6024ec64cd83a26

    • SHA256

      186a7abdfcc2df113148650eb1673620a11bb8bfcf3c53f8a1c7429703cda715

    • SHA512

      983584d6be4a6951d4776f8b0d408050059a93e3663a2752638b6b751aa99fb6149a3b9f670b9a47815e7a97e67c92bd0362c6334ae50530501b008ff3e09109

    • RuRAT

      RuRAT is a remote admin tool sold as legitimate software but regularly abused in malicious phishing campaigns.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

    Tactic            Technique                      ID      Count
    Defense Evasion   Install Root Certificate       T1130   1
    Defense Evasion   Modify Registry                T1112   1
    Discovery         Query Registry                 T1012   3
    Discovery         System Information Discovery   T1082   3
    Discovery         Peripheral Device Discovery    T1120   1

Tasks