ratty | 2870e91faf799f431115adfd00bc8a7573f197c29b57d3f7e3f6f85eee28928b | Triage

Sharing

General

Target

2502c807c3327021f622fd468781f85d
Size

332KB
Sample

231231-c8243aachn
MD5

2502c807c3327021f622fd468781f85d
SHA1

47d237b21f15e64bd56f0eff1fe3df549f355ae2
SHA256

2870e91faf799f431115adfd00bc8a7573f197c29b57d3f7e3f6f85eee28928b
SHA512

1a097a75053cc5bb0cc1896fdc0a7713b97048a909d0baf10f496334e5dcce6a0cbd3a65d1992039125eaa4944ab40c8587ac91c4924824452ba0a95dc394c14
SSDEEP

6144:JZjgS007NNMX/+DoklCAFNWClCA+jp02GmaZ/ZJSEPavLFjt+Wz:JZNNNzbCClCA+jp02GmWhJnav5jUI

Score

10^/10

ratty discovery persistence rat trojan

Malware Config

Targets

- Target
  
  2502c807c3327021f622fd468781f85d
- Size
  
  332KB
- MD5
  
  2502c807c3327021f622fd468781f85d
- SHA1
  
  47d237b21f15e64bd56f0eff1fe3df549f355ae2
- SHA256
  
  2870e91faf799f431115adfd00bc8a7573f197c29b57d3f7e3f6f85eee28928b
- SHA512
  
  1a097a75053cc5bb0cc1896fdc0a7713b97048a909d0baf10f496334e5dcce6a0cbd3a65d1992039125eaa4944ab40c8587ac91c4924824452ba0a95dc394c14
- SSDEEP
  
  6144:JZjgS007NNMX/+DoklCAFNWClCA+jp02GmaZ/ZJSEPavLFjt+Wz:JZNNNzbCClCA+jp02GmWhJnav5jUI
Score

10^/10

ratty discovery persistence rat trojan
- Ratty
  Ratty is an open source Java Remote Access Tool.
  trojan rat ratty
- Ratty Rat payload
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

rattydiscoverypersistencerattrojan