General

  • Target

    tmp

  • Size

    68KB

  • Sample

    220706-y222daahg3

  • MD5

    0816e820c5380f3690a605ed21e16680

  • SHA1

    4240d81fb389f59a8e245ee4a2d2dba9b02023d4

  • SHA256

    44ae5d2173ef2de82335e4f8c206deaf754f8d413c24c983fa66711baeabffc3

  • SHA512

    bb7d23cbfe7ce094d6e80e29d0915aa4a9c612471313e1c838bd7e57cec66a5c7c33f1846e3d80726db1c4583838d73b9b10e72f1e97320423b0af89ceeb5812

Score
10/10

Malware Config

Targets

    • RunningRat

      RunningRat is a remote access trojan first seen in 2018.

    • RunningRat Payload

    • suricata: ET MALWARE Win32/Farfli.CUY CnC Server Response

    • suricata: ET MALWARE Win32/Farfli.CUY KeepAlive M1

    • suricata: ET MALWARE Win32/Farfli.CUY KeepAlive M2

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks