ratty | 7ee2ba5ce9b10cf23a0d07764dbce999ee1673629467c2663c2e28c4728d5587 | Triage

Sharing

General

Target

7ee2ba5ce9b10cf23a0d07764dbce999ee1673629467c2663c2e28c4728d5587
Size

418KB
Sample

220206-zcafhabhar
MD5

b8ddbc4787f3abfc57a390945679a8b5
SHA1

388ca4596625bafb806048f4e088b74c8ca8c65a
SHA256

7ee2ba5ce9b10cf23a0d07764dbce999ee1673629467c2663c2e28c4728d5587
SHA512

1774f2a30c1e3cb78dc6871d87cde5a4851fd84c0ec10ab01a0abfb1f11d14dc358ea24b468ba2a10792d0c2567cf74372e8c1ad3454617f8543ddb9b035d7bd

Score

10^/10

ratty rat trojan

Malware Config

Targets

- Target
  
  Order.xlsx
- Size
  
  7KB
- MD5
  
  babea5182cea94bafda9a125c71f0b33
- SHA1
  
  fa449309136bb8d7a05ccab8aec4c2d85d2e6f65
- SHA256
  
  1f1bf58d07b84d0981d6226e8a9cce01526f37b1ca8472f66398b2fa370c8e72
- SHA512
  
  d7d6d0fe02508dcd3705384c205b69f128a75f4196ab0f14be820b007f0c097d3490b73fffc93a81c855645fa1a28a63f8027baa68fee56efe959810e2476297
Score

4^/10
behavioral1 behavioral2
- Target
  
  PO-21789669S_pdf.jar
- Size
  
  413KB
- MD5
  
  911cffcd1c80092af37c72fd11fccdb6
- SHA1
  
  bb3658b53f4d772aa326d9b1edf0d4f403654517
- SHA256
  
  b30f5e7c8deb0e93f46c98dd559df30ab6b585a340fe72a8f512adfdacb95eb9
- SHA512
  
  152affd097aa47e01e02bf0e154e9068ebec732676e56fe70daa13c94b56f455feceda04926b5b5c369997bf887fddb7f0e47e40cb42efe109dc563c17ff89fd
Score

10^/10

ratty rat trojan
- Ratty
  Ratty is an open source Java Remote Access Tool.
  trojan rat ratty
- Ratty Rat Payload
- Detect jar appended to MSI
- Executes dropped EXE
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4