runningrat | d4718f83804b97ff859e94d8964e7b9093e4e394e5a77a29b8d592bd03cafbf8 | Triage

Sharing

General

Target

d4718f83804b97ff859e94d8964e7b9093e4e394e5a77a29b8d592bd03cafbf8
Size

91KB
Sample

221127-2ccxqsdb89
MD5

49824f49ab35fcbc12d9b01c5af06816
SHA1

ff8418fc41e87649cc0b24d326fed25f19816ffd
SHA256

d4718f83804b97ff859e94d8964e7b9093e4e394e5a77a29b8d592bd03cafbf8
SHA512

7418cdfe7cafd57cf815510c06c16081ad2228e1c359e6877882873224c1a4ae4edd9fc412a11f92ecc218ce85e00d6146a1fea6631006a7f1fd6c7b1d6492f2
SSDEEP

1536:LxETPkgcky/Vht7ILmkAP3T3pzJuhyicgcqd33+9fAbsZ7Yg53zf5ej:LWT3yCfUZfucU3s+q8g53zfA

Score

10^/10

runningrat persistence rat

Malware Config

Targets

- Target
  
  d4718f83804b97ff859e94d8964e7b9093e4e394e5a77a29b8d592bd03cafbf8
- Size
  
  91KB
- MD5
  
  49824f49ab35fcbc12d9b01c5af06816
- SHA1
  
  ff8418fc41e87649cc0b24d326fed25f19816ffd
- SHA256
  
  d4718f83804b97ff859e94d8964e7b9093e4e394e5a77a29b8d592bd03cafbf8
- SHA512
  
  7418cdfe7cafd57cf815510c06c16081ad2228e1c359e6877882873224c1a4ae4edd9fc412a11f92ecc218ce85e00d6146a1fea6631006a7f1fd6c7b1d6492f2
- SSDEEP
  
  1536:LxETPkgcky/Vht7ILmkAP3T3pzJuhyicgcqd33+9fAbsZ7Yg53zf5ej:LWT3yCfUZfucU3s+q8g53zfA
Score

10^/10

persistence runningrat rat
- RunningRat
  RunningRat is a remote access trojan first seen in 2018.
  rat runningrat
- RunningRat payload
- Executes dropped EXE
- Sets DLL path for service in the registry
  persistence
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

runningratpersistencerat