rurat | 20ab498b278b14f3786f634778a04d219c74e9fd8517b98f4aca313c9934b7f2 | Triage

Submit
Reports

Overview

overview

Static

static

3

Елект...ї.exe

windows10-2004-x64

Resubmissions

19-02-2024 13:09

240219-qd2rpsdh42 10

19-02-2024 12:34

240219-pr4b1sdb8w 10

22-01-2024 20:46

240122-zkqsfsdgf8 10

22-01-2024 16:08

240122-tk9bxaadck 10

Sharing

General

Target

plan_dsns.gov.ua.rar
Size

19.8MB
Sample

240122-zkqsfsdgf8
MD5

21e4a83a29d2ff9f76ec9bcf15ac4496
SHA1

06b5e8071ed87d62d09409b44ceec37c8cb60fac
SHA256

20ab498b278b14f3786f634778a04d219c74e9fd8517b98f4aca313c9934b7f2
SHA512

cb83ec603a96daec50b6934e2f1c3f4e4472c54b1db23b37188e56ad7a1b09e3fc0e8340887cb27b8e90c32108779b8ade0c4a0977303ff7e08d4ed75489a1fa
SSDEEP

393216:hEPPp5MO9/LXjaB2LUPdtiY0NyyNXV1nUepybF/N:hEnp5MK/LXmBfPdEMVeIh1

Score

10^/10

rurat backdoor trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Електронний план евакуації.exe

Resource

win10v2004-20231215-en

rurat backdoor trojan

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  Електронний план евакуації.exe
- Size
  
  20.1MB
- MD5
  
  9b40a1519801020305e31e553a3e82ab
- SHA1
  
  cdb31b4af42b3fb27527839ecf26d1c26f2a5d06
- SHA256
  
  5158482849c818c270f302c1dfa06d770ed2b5056cf393d60fd56817636866da
- SHA512
  
  57fb1869dee12253b97d787e26398ee2cd00c8bea8feaa737ffe0c61f5cad342a956cc0357cfb3551d31425df5cf857db560b3b97d16e57d5a8596d45f42bca9
- SSDEEP
  
  393216:zTrD0wz5HtKIdVtvz75Un+2PJ3L6LBQ45TDmZmLCAJ+JuuPUg9ScrRl:TgwdHUyVtvz75Un+uhs5TWmODgyaA
Score

10^/10

rurat backdoor trojan
- RuRAT
  RuRAT is a remote admin tool sold as legitimate software but regularly abused in malicious phishing campaigns.
  trojan backdoor rurat
- RURAT CERTIFICATE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

ruratbackdoortrojan

© 2018-2024

Terms | Privacy