General

  • Target: 50f8498fcc6d554f4d40cce16096172dc68a562f774aaa54cb1d708a95097452
  • Size: 222KB
  • Sample: 220521-eb317scbgj
  • MD5: e66bbda7dc9b9c1530291da9030dadb0
  • SHA1: 7e6c6941f6e48f657aee98be263697caa92d732f
  • SHA256: 50f8498fcc6d554f4d40cce16096172dc68a562f774aaa54cb1d708a95097452
  • SHA512: 1f9c32e90cd757da75024a41a5dd050314ac8a5f3d67e6ca78aaba7bed513d437e75a6b0e657bbafb03519d4203999ab17558bc1d77d98992a04ee513bf25ca8

Malware Config

Extracted

  • Family: wshrat
  • C2: http://pluginsrv2.duckdns.org:8899

Targets

    • Target: circolare.jar
    • Size: 222KB
    • MD5: 90e671a9d6318bd0b6c84f4d9a8405f7
    • SHA1: ad4b30cf76a76745618a47eb71d2f97527af5f69
    • SHA256: 8ff89b316cfff559271ce4cb82584816829c79f0d4356358889284c822162c43
    • SHA512: 797aff0b8f08a9c22735fdf54b5f29b7a1312086eeb1f37937c52432a6d67532dcbaf6a3fbbbbcb92691b7d74dea129ba418b55f3b7633b24c3399ffe81e74c9

    • Ratty

      Ratty is an open source Java Remote Access Tool.

    • Ratty Rat Payload

    • WSHRAT

      WSHRAT is a variant of the Houdini worm and has VBS and JS variants.

    • suricata: ET MALWARE WSHRAT CnC Checkin

    • suricata: ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks