runningrat | 2dc388e62caa2497c4ba6a3a17b39a82a9f0cb9ec21921f893381215d82f073f | Triage

Submit
Reports

Overview

overview

Static

static

tmp.exe

windows7-x64

tmp.exe

windows10-2004-x64

Sharing

General

Target

tmp
Size

801KB
Sample

230522-tseghacb9v
MD5

55bf28cbd852233ddf8de2f24dad5787
SHA1

98a8794770fc469bf03c0c9d2a49230146add536
SHA256

2dc388e62caa2497c4ba6a3a17b39a82a9f0cb9ec21921f893381215d82f073f
SHA512

339b33fc1fd2dc8cee2f5b223a18af993781e3c164344023b6b14724d6d86704200af40ab46307b19507c0309f057e6ec1269363ad7252bce91a75aa5a320b06
SSDEEP

12288:GMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9zl6MMAj:GnsJ39LyjbJkQFMhmC+6GD993

Score

10^/10

runningrat persistence rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

tmp.exe

Resource

win7-20230220-en

runningrat persistence rat

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

tmp.exe

Resource

win10v2004-20230220-en

runningrat persistence rat

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  tmp
- Size
  
  801KB
- MD5
  
  55bf28cbd852233ddf8de2f24dad5787
- SHA1
  
  98a8794770fc469bf03c0c9d2a49230146add536
- SHA256
  
  2dc388e62caa2497c4ba6a3a17b39a82a9f0cb9ec21921f893381215d82f073f
- SHA512
  
  339b33fc1fd2dc8cee2f5b223a18af993781e3c164344023b6b14724d6d86704200af40ab46307b19507c0309f057e6ec1269363ad7252bce91a75aa5a320b06
- SSDEEP
  
  12288:GMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9zl6MMAj:GnsJ39LyjbJkQFMhmC+6GD993
Score

10^/10

runningrat persistence rat
- RunningRat
  RunningRat is a remote access trojan first seen in 2018.
  rat runningrat
- RunningRat payload
- Sets DLL path for service in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Creates a Windows Service
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

runningratpersistencerat

behavioral2

runningratpersistencerat

© 2018-2025

Terms | Privacy