ratty | 5ad2ab6cd7173a6988a750931c30d6f2c59d4458d55edef5eeda98421fc5193e | Triage

Sharing

General

Target

Voice-message_MP3.zip
Size

1.6MB
Sample

221214-ycdmgsah85
MD5

0e59ac3ca25478d4de95a38996a9b2d4
SHA1

a545dbf54c04cc0b6cce84f9815d3540c6860f2a
SHA256

5ad2ab6cd7173a6988a750931c30d6f2c59d4458d55edef5eeda98421fc5193e
SHA512

76b6efe72efd78eb63159c3ae41140a9b8068291288201b53d22f0f7f15f9fd53d790a3b5496e9acbdb622754f413c9e5a3c694d2ac5c3ca53f1cd94de9d6e48
SSDEEP

24576:6TpCqcjXU7dR4IIT0KcoqrtvUJZ3AA7Sqy7AYFkIOxprMk6CUiClcTGM:6NKkmwK/qZvyZx7/G2IgrMfyhTGM

Score

10^/10

ratty persistence rat trojan

Malware Config

Targets

- Target
  
  Voice-message_MP3.jar
- Size
  
  1.6MB
- MD5
  
  191e73e48b19a14a907a1d3eb0daa6b3
- SHA1
  
  21bbbd32a3169d60fb807f2d5b08af4d1d48b71c
- SHA256
  
  9c336166648a6cf0a84daaf76d803245fb3103a48d7d870815ade3046d39a36b
- SHA512
  
  6e22fda5681b1e4b6d58ee406233eae0f1b7008ebb83cbef4f588704167d4a415da806ece8b3ccc4ad0fc6608ead2c1b7a418f25640f289073ab98971ec31b1f
- SSDEEP
  
  24576:pEQjxOpbjjV6eyQOU46vUu0pbFAkxw7PJe8j/pP/mIDors6M/7ClCiDGTcJy:O2xEjBxXOUDvibdxw7PJZN2IDwMDwKT5
Score

10^/10

ratty persistence rat trojan
- Ratty
  Ratty is an open source Java Remote Access Tool.
  trojan rat ratty
- Ratty Rat payload
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

rattypersistencerattrojan