ratty | 4ed2ca0a64bc9f7c114d1a91ae0f0e946a5e32d30fca791123bbf3043befec4e | Triage

Sharing

General

Target

TtLKCmS8n3wRTRqRrg8OlGpeMtMPynkRI7vzBDvv7E4.bin
Size

764KB
Sample

230109-v887gsae2x
MD5

de926a705c02c29aec3a34162c76fa0b
SHA1

ce830780086bf326e2d62a7d59d37349f32f0ba3
SHA256

4ed2ca0a64bc9f7c114d1a91ae0f0e946a5e32d30fca791123bbf3043befec4e
SHA512

02a776c4040e72def12c5c1b588153693a89ccf583ebf4bcde628222967aaa0aa101e70ec5db679f5ee27d010cabfc2d040f64800f4047502cd51f9528ceaa2e
SSDEEP

12288:vClCR+jp42GLRhJ7ar5jU75XGC+g73MJ9GaXvf/g9QLK/OFRu+P5084ZpEPPTLiF:vClCeBGLorJQhN+W8JFXvf49QLCO6+No

Score

10^/10

ratty persistence rat trojan

Malware Config

Targets

- Target
  
  TtLKCmS8n3wRTRqRrg8OlGpeMtMPynkRI7vzBDvv7E4.bin
- Size
  
  764KB
- MD5
  
  de926a705c02c29aec3a34162c76fa0b
- SHA1
  
  ce830780086bf326e2d62a7d59d37349f32f0ba3
- SHA256
  
  4ed2ca0a64bc9f7c114d1a91ae0f0e946a5e32d30fca791123bbf3043befec4e
- SHA512
  
  02a776c4040e72def12c5c1b588153693a89ccf583ebf4bcde628222967aaa0aa101e70ec5db679f5ee27d010cabfc2d040f64800f4047502cd51f9528ceaa2e
- SSDEEP
  
  12288:vClCR+jp42GLRhJ7ar5jU75XGC+g73MJ9GaXvf/g9QLK/OFRu+P5084ZpEPPTLiF:vClCeBGLorJQhN+W8JFXvf49QLCO6+No
Score

10^/10

ratty persistence rat trojan
- Ratty
  Ratty is an open source Java Remote Access Tool.
  trojan rat ratty
- Ratty Rat payload
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

rattypersistencerattrojan