General
Target: RBRat.exe
Size: 689KB
Sample: 230901-lxw84sdh9w
MD5: f0cb80486ef6b557926c70e38deed7d7
SHA1: 8a462ea003c6d8e8ad63b2ab519485327395dfdc
SHA256: a615c1b27a5c74a73281eb46e0ba7aa7427c05f41f24aac189f8bf2fd7f6cbf1
SHA512: e733eb81a2bf89dd9c06b9994b578f2af45ea038e02e1400da13f0813e1674bec8778392608ba465a0f78d9c7e66557ca1cc6b195b5b39a783df6174753b2a95
SSDEEP: 12288:qubsNSOetfARQAPyGUfT+tkr5X6nb3+noe9OJFc1pv79/kAxD7hZnMn:qubsnafAPyjZr5X6qofFcTGAB7U
Static task: static1
Behavioral task: behavioral1
Sample: RBRat.exe
Resource: win7-20230831-en
Malware Config
Targets
Target: RBRat.exe
Score: 8/10
Disables RegEdit via registry modification
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
MITRE ATT&CK Enterprise v15
Persistence
  BITS Jobs: 1
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
Privilege Escalation
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1