ratty | 28c6d8cd703e3b80e01c90b846329c36475d9451597d2b899da5424e7bf22164 | Triage

Sharing

General

Target

Voice-message_MP3.jar
Size

1.6MB
Sample

221214-yv94eaba36
MD5

43764757112dc0e26f583d520b261ae7
SHA1

ee9235944fa7e215fce1c2d13b5debae783e077b
SHA256

28c6d8cd703e3b80e01c90b846329c36475d9451597d2b899da5424e7bf22164
SHA512

1e598d5d873ceb854ab6a9e323ef67dca90c5064a6dd858e7eb075f0346e1f961c7049614a68df8569a43e16aab8ff3ca8d798097bd7153f62ae46d6863ca92a
SSDEEP

49152:x5VSVXzECUFRBxevgwgAUYw+DAoVegHvGs8AA:x5VSN8Riv2ZYj0obGs8r

Score

10^/10

ratty persistence rat trojan

Malware Config

Targets

- Target
  
  Voice-message_MP3.jar
- Size
  
  1.6MB
- MD5
  
  43764757112dc0e26f583d520b261ae7
- SHA1
  
  ee9235944fa7e215fce1c2d13b5debae783e077b
- SHA256
  
  28c6d8cd703e3b80e01c90b846329c36475d9451597d2b899da5424e7bf22164
- SHA512
  
  1e598d5d873ceb854ab6a9e323ef67dca90c5064a6dd858e7eb075f0346e1f961c7049614a68df8569a43e16aab8ff3ca8d798097bd7153f62ae46d6863ca92a
- SSDEEP
  
  49152:x5VSVXzECUFRBxevgwgAUYw+DAoVegHvGs8AA:x5VSN8Riv2ZYj0obGs8r
Score

10^/10

ratty persistence rat trojan
- Ratty
  Ratty is an open source Java Remote Access Tool.
  trojan rat ratty
- Ratty Rat payload
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

rattypersistencerattrojan