General

  • Target

    Voice-message_MP3.jar

  • Size

    1.6MB

  • Sample

    221214-ywjb3sba37

  • MD5

    43764757112dc0e26f583d520b261ae7

  • SHA1

    ee9235944fa7e215fce1c2d13b5debae783e077b

  • SHA256

    28c6d8cd703e3b80e01c90b846329c36475d9451597d2b899da5424e7bf22164

  • SHA512

    1e598d5d873ceb854ab6a9e323ef67dca90c5064a6dd858e7eb075f0346e1f961c7049614a68df8569a43e16aab8ff3ca8d798097bd7153f62ae46d6863ca92a

  • SSDEEP

    49152:x5VSVXzECUFRBxevgwgAUYw+DAoVegHvGs8AA:x5VSN8Riv2ZYj0obGs8r
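As an added example (not part of the sandbox report and not Ratty's own code), a small Python triage helper that checks a file against the hashes listed above and takes a static look inside a JAR: the manifest's Main-Class, how many class files it carries and whether it bundles native libraries, which is the kind of content behind the "Loads dropped DLL" behaviour reported further down. The JAR produced by build_sample_jar() is a constructed stand-in rather than the real sample, so it will not match the report hashes; SSDEEP is left out because it needs the third-party ssdeep module.

```python
import hashlib
import io
import zipfile

# Hashes copied from the report's General section; used as the reference IOC set.
REPORT_HASHES = {
    "md5": "43764757112dc0e26f583d520b261ae7",
    "sha1": "ee9235944fa7e215fce1c2d13b5debae783e077b",
    "sha256": "28c6d8cd703e3b80e01c90b846329c36475d9451597d2b899da5424e7bf22164",
    "sha512": "1e598d5d873ceb854ab6a9e323ef67dca90c5064a6dd858e7eb075f0346e1f96"
              "1c7049614a68df8569a43e16aab8ff3ca8d798097bd7153f62ae46d6863ca92a",
}


def hash_bytes(data):
    """Hex digests for the algorithms the report lists (SSDEEP omitted: needs the ssdeep module)."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data, report=REPORT_HASHES):
    """True only if every digest given in `report` matches `data`."""
    digests = hash_bytes(data)
    return all(digests.get(algo) == value.lower() for algo, value in report.items())


def manifest_main_class(manifest_text):
    """Main-Class from a JAR manifest. Values longer than 72 bytes wrap onto lines that
    start with a single space, so continuation lines are joined before scanning."""
    joined = manifest_text.replace("\r\n", "\n").replace("\n ", "")
    for line in joined.split("\n"):
        if line.lower().startswith("main-class:"):
            return line.split(":", 1)[1].strip()
    return None


def inspect_jar(data):
    """Static summary of a JAR held in memory: entry point, class count, bundled native libraries."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        main_class = None
        if "META-INF/MANIFEST.MF" in names:
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
            main_class = manifest_main_class(manifest)
        return {
            "entries": len(names),
            "main_class": main_class,
            "class_files": sum(1 for n in names if n.endswith(".class")),
            # Native libraries shipped inside the archive are what a Java RAT
            # extracts to disk and loads at runtime.
            "native_libs": sorted(n for n in names
                                  if n.lower().endswith((".dll", ".so", ".dylib"))),
        }


def build_sample_jar():
    """Constructed stand-in for a JAR (not the real sample): a manifest, one class stub, one bundled DLL."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    "Manifest-Version: 1.0\r\nMain-Class: example.Loader\r\n\r\n")
        zf.writestr("example/Loader.class", b"\xca\xfe\xba\xbe" + b"\x00" * 12)
        zf.writestr("native/win32-x86-64/helper.dll", b"MZ" + b"\x00" * 62)
    return buf.getvalue()


if __name__ == "__main__":
    import sys
    # Pass a path to triage a real file; with no argument the constructed JAR is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_jar()
    print(inspect_jar(data))
    print("matches report hashes:", matches_report(data))
```

Run it against the actual sample to confirm the hash set before spending sandbox time on it; a mismatch on even one algorithm means the file on hand is not the one this report describes.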

Targets

    • Target

      Voice-message_MP3.jar

    • Ratty

      Ratty is an open-source Java Remote Access Tool (RAT). Because the sample is a Java archive it needs a locally installed Java runtime to execute.

    • Ratty RAT payload

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application
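The last three signatures are the persistence and loader behaviour a responder would hunt for on other hosts. As an added example (not part of the report and not Ratty's code), the Python below parses `reg query` output for a Run key and a Startup-folder listing and flags entries that launch a Java archive via java/javaw or drop one in a user-writable location. The registry and folder contents are constructed test data; the real value name and path used by this sample are not stated in the report, so "JavaUpdateSvc" and the file names are assumptions.

```python
import re

# Constructed stand-in for `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` output.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    JavaUpdateSvc    REG_SZ    "C:\Program Files\Java\jre1.8.0_351\bin\javaw.exe" -jar "C:\Users\alice\AppData\Roaming\Voice-message_MP3.jar"
    Discord    REG_SZ    C:\Users\alice\AppData\Local\Discord\Update.exe --processStart Discord.exe
"""

# Constructed listing of %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup.
SAMPLE_STARTUP_DIR = ["desktop.ini", "Send to OneNote.lnk", "sysupdate.jar"]

# java.exe / javaw.exe as a bare word or at the end of a path, quoted or not.
JAVA_LAUNCHER = re.compile(r'(?:^|[\\/"\s])javaw?(?:\.exe)?(?:"|\s|$)', re.IGNORECASE)
# A .jar argument anywhere in the command line.
JAR_ARG = re.compile(r'\.jar(?:"|\s|$)', re.IGNORECASE)
# Locations a standard user can write to, where dropped payloads usually live.
USER_WRITABLE = re.compile(
    r'\\Users\\[^\\]+\\(?:AppData|Downloads|Desktop|Documents)\\|\\Temp\\|\\ProgramData\\',
    re.IGNORECASE)


def parse_reg_query(text):
    """Turn `reg query` output into (key, value_name, value_type, data) tuples.
    Key lines start at column 0; value lines are indented and separated by runs of spaces."""
    key, values = None, []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():
            key = raw.strip()
            continue
        parts = re.split(r"\s{2,}|\t+", raw.strip(), maxsplit=2)
        if len(parts) == 3 and key is not None:
            values.append((key, parts[0], parts[1], parts[2]))
    return values


def flag_run_values(values):
    """Return Run-key entries that launch a Java archive, with the reasons they were flagged."""
    findings = []
    for key, name, _vtype, data in values:
        reasons = []
        if JAR_ARG.search(data):
            reasons.append("launches a .jar")
        if JAVA_LAUNCHER.search(data):
            reasons.append("invokes java/javaw")
        # Path heuristic only matters once the entry already looks like a Java launch;
        # plenty of legitimate software runs from AppData.
        if reasons and USER_WRITABLE.search(data):
            reasons.append("payload under user-writable path")
        if reasons:
            findings.append({"key": key, "name": name, "command": data, "reasons": reasons})
    return findings


def flag_startup_files(names):
    """Startup-folder entries that are Java archives (the 'Drops startup file' behaviour)."""
    return [n for n in names if n.lower().endswith(".jar")]


if __name__ == "__main__":
    for hit in flag_run_values(parse_reg_query(SAMPLE_REG_QUERY)):
        print(f"[Run] {hit['name']}: {', '.join(hit['reasons'])}\n      {hit['command']}")
    for name in flag_startup_files(SAMPLE_STARTUP_DIR):
        print(f"[Startup] {name}")
```

On a live host, feed it `reg query` output for both the HKCU and HKLM Run/RunOnce keys and a directory listing of each user's Startup folder; a JAR launched from AppData or Temp by javaw is worth pulling and hashing against the IOCs above.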

MITRE ATT&CK Matrix ATT&CK v6

  Tactic            Technique                            Signatures  ID
  Persistence       Registry Run Keys / Startup Folder   1           T1060
  Persistence       Hidden Files and Directories         1           T1158
  Defense Evasion   Modify Registry                      2           T1112
  Defense Evasion   Hidden Files and Directories         1           T1158

  The IDs are ATT&CK v6 identifiers. T1060 and T1158 were later folded into T1547.001 (Registry Run Keys / Startup Folder) and T1564.001 (Hidden Files and Directories); T1112 is unchanged.