rurat | 93015eaddcf1cfed7c9e455cecebc51e85a5de3035282bafbfdd2b0979e46021 | Triage

Submit
Reports

Overview

overview

Static

static

8

2a6e6b54b6...b9.exe

windows7_x64

2a6e6b54b6...b9.exe

windows10_x64

Sharing

General

Target

2a6e6b54b6457078087ac12858f106b9.exe
Size

17.3MB
Sample

211204-yjpckaecb9
MD5

2a6e6b54b6457078087ac12858f106b9
SHA1

f573237cc96366fc92dfcdc7872ecab082b11e84
SHA256

93015eaddcf1cfed7c9e455cecebc51e85a5de3035282bafbfdd2b0979e46021
SHA512

6bb010e56bfeed60ee5262fd62b721cd3a58e8c6361f194058d5cb462e67eef1dcdcec6477c5d4afd3845c9b76e09bb998afb779fa332d2fcbb7574bcf16da4b

Score

10^/10

rurat backdoor discovery trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

2a6e6b54b6457078087ac12858f106b9.exe

Resource

win7-en-20211104

rurat backdoor discovery trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

2a6e6b54b6457078087ac12858f106b9.exe

Resource

win10-en-20211104

rurat backdoor discovery trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  2a6e6b54b6457078087ac12858f106b9.exe
- Size
  
  17.3MB
- MD5
  
  2a6e6b54b6457078087ac12858f106b9
- SHA1
  
  f573237cc96366fc92dfcdc7872ecab082b11e84
- SHA256
  
  93015eaddcf1cfed7c9e455cecebc51e85a5de3035282bafbfdd2b0979e46021
- SHA512
  
  6bb010e56bfeed60ee5262fd62b721cd3a58e8c6361f194058d5cb462e67eef1dcdcec6477c5d4afd3845c9b76e09bb998afb779fa332d2fcbb7574bcf16da4b
Score

10^/10

rurat backdoor discovery trojan
- RuRAT
  RuRAT is a remote admin tool sold as legitimate software but regularly abused in malicious phishing campaigns.
  trojan backdoor rurat
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ruratbackdoordiscoverytrojan

behavioral2

ruratbackdoordiscoverytrojan

© 2018-2024

Terms | Privacy