ratty | 61a85dbaa24eede4c2f39d7630ca79916e6d9354d233b127f96b3428d3d7f161 | Triage

Sharing

General

Target

97294f37f96e37ed20c5f7f9724a2197
Size

332KB
Sample

231219-zef13aabe3
MD5

97294f37f96e37ed20c5f7f9724a2197
SHA1

73f64f6b2e479915749959b1d931aa0d37daa6ac
SHA256

61a85dbaa24eede4c2f39d7630ca79916e6d9354d233b127f96b3428d3d7f161
SHA512

542ac7d9a4e0f8cca849d3bc69d5ede30313f31ccd5717a756d21abcb66058519328ee6016d5d66cd18cfcf8dcd37d4f860afa756f6913870b32259511061189
SSDEEP

6144:JZjgS007NNMX/+DoklCAFNWClCA+jp02GmaZ/ZJSEPavLFjt+WT:JZNNNzbCClCA+jp02GmWhJnav5jUI

Score

10^/10

ratty discovery persistence rat trojan

Malware Config

Targets

- Target
  
  97294f37f96e37ed20c5f7f9724a2197
- Size
  
  332KB
- MD5
  
  97294f37f96e37ed20c5f7f9724a2197
- SHA1
  
  73f64f6b2e479915749959b1d931aa0d37daa6ac
- SHA256
  
  61a85dbaa24eede4c2f39d7630ca79916e6d9354d233b127f96b3428d3d7f161
- SHA512
  
  542ac7d9a4e0f8cca849d3bc69d5ede30313f31ccd5717a756d21abcb66058519328ee6016d5d66cd18cfcf8dcd37d4f860afa756f6913870b32259511061189
- SSDEEP
  
  6144:JZjgS007NNMX/+DoklCAFNWClCA+jp02GmaZ/ZJSEPavLFjt+WT:JZNNNzbCClCA+jp02GmWhJnav5jUI
Score

10^/10

ratty discovery persistence rat trojan
- Ratty
  Ratty is an open source Java Remote Access Tool.
  trojan rat ratty
- Ratty Rat payload
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

rattydiscoverypersistencerattrojan