General

  • Target

    Voice-message_MP3.zip

  • Size

    1.6MB

  • Sample

    221214-ycdmgsah85

  • MD5

    0e59ac3ca25478d4de95a38996a9b2d4

  • SHA1

    a545dbf54c04cc0b6cce84f9815d3540c6860f2a

  • SHA256

    5ad2ab6cd7173a6988a750931c30d6f2c59d4458d55edef5eeda98421fc5193e

  • SHA512

    76b6efe72efd78eb63159c3ae41140a9b8068291288201b53d22f0f7f15f9fd53d790a3b5496e9acbdb622754f413c9e5a3c694d2ac5c3ca53f1cd94de9d6e48

  • SSDEEP

    24576:6TpCqcjXU7dR4IIT0KcoqrtvUJZ3AA7Sqy7AYFkIOxprMk6CUiClcTGM:6NKkmwK/qZvyZx7/G2IgrMfyhTGM

Malware Config

Targets

    • Target

      Voice-message_MP3.jar

    • Size

      1.6MB

    • MD5

      191e73e48b19a14a907a1d3eb0daa6b3

    • SHA1

      21bbbd32a3169d60fb807f2d5b08af4d1d48b71c

    • SHA256

      9c336166648a6cf0a84daaf76d803245fb3103a48d7d870815ade3046d39a36b

    • SHA512

      6e22fda5681b1e4b6d58ee406233eae0f1b7008ebb83cbef4f588704167d4a415da806ece8b3ccc4ad0fc6608ead2c1b7a418f25640f289073ab98971ec31b1f

    • SSDEEP

      24576:pEQjxOpbjjV6eyQOU46vUu0pbFAkxw7PJe8j/pP/mIDors6M/7ClCiDGTcJy:O2xEjBxXOUDvibdxw7PJZN2IDwMDwKT5

    • Ratty

      Ratty is an open source Java Remote Access Tool.

    • Ratty Rat payload

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application
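The two hash sets above (outer archive and inner jar) are the indicators an analyst would check a suspicious attachment against. The script below is an added example, not part of the sandbox report or of Ratty: it recomputes the same digests the report lists (MD5, SHA1, SHA256, SHA512; ssdeep is left out because it needs the third-party ssdeep library), compares them with the report's values, and pulls any nested .jar out of the zip in memory, reading its manifest's Main-Class without ever executing it. All function names, and the `build_sample()` stand-in archive with its `example.Stub` main class, are constructed for this example.

```python
"""Offline triage of a zip-wrapped jar such as Voice-message_MP3.zip.

Added example (not from the sandbox report): hashes the outer archive and
every nested .jar, matches them against the report's indicators, and reads
the jar manifest. Nothing is executed. ssdeep is omitted (needs the ssdeep
library).
"""
import hashlib
import io
import zipfile

# Indicators copied from the report (outer archive and inner jar).
REPORT_IOCS = {
    "Voice-message_MP3.zip": {
        "md5": "0e59ac3ca25478d4de95a38996a9b2d4",
        "sha1": "a545dbf54c04cc0b6cce84f9815d3540c6860f2a",
        "sha256": "5ad2ab6cd7173a6988a750931c30d6f2c59d4458d55edef5eeda98421fc5193e",
    },
    "Voice-message_MP3.jar": {
        "md5": "191e73e48b19a14a907a1d3eb0daa6b3",
        "sha1": "21bbbd32a3169d60fb807f2d5b08af4d1d48b71c",
        "sha256": "9c336166648a6cf0a84daaf76d803245fb3103a48d7d870815ade3046d39a36b",
    },
}


def hashes(data: bytes) -> dict:
    """Lowercase hex digests for the algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def match_iocs(digests: dict, iocs: dict = REPORT_IOCS) -> list:
    """Names of report entries whose known digests all agree with `digests`."""
    return [name for name, known in iocs.items()
            if all(digests.get(alg) == value for alg, value in known.items())]


def nested_jars(archive: bytes) -> list:
    """(member name, bytes) for every .jar inside a zip, read in memory."""
    out = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            if info.filename.lower().endswith(".jar") and not info.is_dir():
                out.append((info.filename, zf.read(info)))
    return out


def jar_main_class(jar: bytes):
    """Main-Class from META-INF/MANIFEST.MF, or None if absent or not a jar.

    Real manifests may wrap long values onto continuation lines; that case is
    not handled here.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(jar)) as zf:
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except (zipfile.BadZipFile, KeyError):
        return None
    for line in manifest.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == "main-class":
            return value.strip()
    return None


def triage(archive: bytes) -> dict:
    """Hash the outer archive and each nested jar and match the report's IOCs."""
    report = {"outer": hashes(archive), "jars": []}
    report["outer_matches"] = match_iocs(report["outer"])
    for name, blob in nested_jars(archive):
        digests = hashes(blob)
        report["jars"].append({"name": name, "hashes": digests,
                               "matches": match_iocs(digests),
                               "main_class": jar_main_class(blob)})
    return report


def build_sample() -> bytes:
    """Constructed stand-in for the real sample: a zip holding a tiny jar."""
    jar_buf = io.BytesIO()
    with zipfile.ZipFile(jar_buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF",
                     "Manifest-Version: 1.0\r\nMain-Class: example.Stub\r\n\r\n")
        jar.writestr("example/Stub.class", b"\xca\xfe\xba\xbe")  # class magic only
    zip_buf = io.BytesIO()
    with zipfile.ZipFile(zip_buf, "w") as outer:
        outer.writestr("Voice-message_MP3.jar", jar_buf.getvalue())
    return zip_buf.getvalue()


if __name__ == "__main__":
    import json
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    print(json.dumps(triage(data), indent=2))
```

Run it with the real archive as the first argument; with no argument it triages the constructed stand-in, whose digests will of course not match the report's. A full match on all listed digests of the outer zip and the inner jar is what confirms you are looking at this sample rather than a re-packed variant.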

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic            Technique                            Count  ID
  Persistence       Registry Run Keys / Startup Folder   1      T1060
  Persistence       Hidden Files and Directories         1      T1158
  Defense Evasion   Modify Registry                      2      T1112
  Defense Evasion   Hidden Files and Directories         1      T1158

The count is the number of sandbox signatures that mapped to the technique. The IDs are ATT&CK v6 identifiers: in current ATT&CK, T1060 is T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder) and T1158 is T1564.001 (Hide Artifacts: Hidden Files and Directories); T1112 (Modify Registry) is unchanged.
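The persistence the sandbox observed (a startup file plus a Run key, for a payload that needs a Java runtime to start) is what to look for on a host that opened the attachment. The script below is an added example and not the sandbox's signature logic: the report gives no value names or paths, so the sample autostart entries are constructed and the scoring rules (java/javaw launched with -jar, a .jar reference, a path under a user-writable directory) are an analyst's assumption about how a dropped jar is usually wired in. A .jar placed in the Startup folder needs no explicit java command because the shell's file association launches it. The `collect_run_keys()` helper reads the real HKCU/HKLM Run keys through the standard `winreg` module and only works on Windows; everywhere else it returns nothing and the constructed entries are used.

```python
"""Heuristic review of autostart entries for a Java-based RAT such as Ratty.

Added example, not part of the sandbox report. Scoring rules and sample
entries are assumptions constructed for illustration.
"""
import re
from dataclasses import dataclass

# User-writable locations a dropped jar or startup file typically lives in.
SUSPICIOUS_DIRS = re.compile(
    r"(\\AppData\\(Roaming|Local)\\|\\Temp\\|\\Users\\Public\\|\\ProgramData\\)",
    re.IGNORECASE)
JAVA_LAUNCH = re.compile(r"\b(java|javaw)(\.exe)?\b.*\s-jar\s", re.IGNORECASE)
JAR_EXT = re.compile(r"\.jar\b", re.IGNORECASE)

RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"


@dataclass
class AutostartEntry:
    source: str    # registry key path or "Startup folder"
    name: str      # value name or file name
    command: str   # command line or file path


# Constructed entries standing in for a real host's Run keys / Startup folder.
SAMPLE_ENTRIES = [
    AutostartEntry("HKCU\\" + RUN_KEY, "OneDrive",
                   r'"C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    AutostartEntry("HKCU\\" + RUN_KEY, "JavaUpdate",
                   r'"C:\Program Files\Java\jre1.8.0_341\bin\javaw.exe" -jar "C:\Users\user\AppData\Roaming\svc.jar"'),
    AutostartEntry("Startup folder", "update.jar",
                   r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.jar"),
]


def score_entry(e: AutostartEntry) -> list:
    """Reasons an entry looks like a Java autostart worth reviewing."""
    reasons = []
    if JAVA_LAUNCH.search(e.command):
        reasons.append("launches java -jar")
    if JAR_EXT.search(e.command):
        reasons.append("references a .jar")
    if SUSPICIOUS_DIRS.search(e.command):
        reasons.append("path under user-writable directory")
    return reasons


def flag_entries(entries) -> list:
    """(entry, reasons) for entries with two or more reasons; one alone is noise
    (many legitimate programs autostart from AppData)."""
    flagged = []
    for e in entries:
        reasons = score_entry(e)
        if len(reasons) >= 2:
            flagged.append((e, reasons))
    return flagged


def collect_run_keys() -> list:
    """Read HKCU and HKLM Run values on Windows; empty list elsewhere."""
    try:
        import winreg
    except ImportError:
        return []
    entries = []
    for hive_name, hive in (("HKCU", winreg.HKEY_CURRENT_USER),
                            ("HKLM", winreg.HKEY_LOCAL_MACHINE)):
        try:
            key = winreg.OpenKey(hive, RUN_KEY)
        except OSError:
            continue
        with key:
            i = 0
            while True:
                try:
                    name, value, _ = winreg.EnumValue(key, i)
                except OSError:   # no more values
                    break
                entries.append(AutostartEntry(hive_name + "\\" + RUN_KEY, name, str(value)))
                i += 1
    return entries


if __name__ == "__main__":
    entries = collect_run_keys() or SAMPLE_ENTRIES
    for e, reasons in flag_entries(entries):
        print(f"{e.source} :: {e.name} -> {e.command}\n    {', '.join(reasons)}")
```

On the constructed input the OneDrive entry is not flagged (one reason only), while the javaw -jar entry and the bare .jar in the Startup folder are. On a real host, pair the flagged command line with the jar's hashes from the report to confirm the match.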