General

  • Target

    21e4a83a29d2ff9f76ec9bcf15ac4496.bin

  • Size

    19.8MB

  • Sample

    240124-bqltpaehf5

  • MD5

    21e4a83a29d2ff9f76ec9bcf15ac4496

  • SHA1

    06b5e8071ed87d62d09409b44ceec37c8cb60fac

  • SHA256

    20ab498b278b14f3786f634778a04d219c74e9fd8517b98f4aca313c9934b7f2

  • SHA512

    cb83ec603a96daec50b6934e2f1c3f4e4472c54b1db23b37188e56ad7a1b09e3fc0e8340887cb27b8e90c32108779b8ade0c4a0977303ff7e08d4ed75489a1fa

  • SSDEEP

    393216:hEPPp5MO9/LXjaB2LUPdtiY0NyyNXV1nUepybF/N:hEnp5MK/LXmBfPdEMVeIh1

Score
10/10

Malware Config

Targets

    • Target

      Електронний план евакуації.exe (Ukrainian: "Electronic evacuation plan.exe")

    • Size

      20.1MB

    • MD5

      9b40a1519801020305e31e553a3e82ab

    • SHA1

      cdb31b4af42b3fb27527839ecf26d1c26f2a5d06

    • SHA256

      5158482849c818c270f302c1dfa06d770ed2b5056cf393d60fd56817636866da

    • SHA512

      57fb1869dee12253b97d787e26398ee2cd00c8bea8feaa737ffe0c61f5cad342a956cc0357cfb3551d31425df5cf857db560b3b97d16e57d5a8596d45f42bca9

    • SSDEEP

      393216:zTrD0wz5HtKIdVtvz75Un+2PJ3L6LBQ45TDmZmLCAJ+JuuPUg9ScrRl:TgwdHUyVtvz75Un+uhs5TWmODgyaA

    Score
    10/10
    • RuRAT

      RuRAT is a remote admin tool sold as legitimate software but regularly abused in malicious phishing campaigns.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
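
    The two Discovery behaviours described above (the registry country-code lookup and the read of non-C: drive roots) re-implemented as detection logic over constructed sandbox event lines. This is an added example and not code from the sandbox or the report; the event format `pid|operation|path`, the sample events and the operation names are assumptions for the example. The registry locations used (`HKCU\Control Panel\International` and `HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language`) are where Windows keeps the configured country and locale.

```python
"""Detection logic for the two Discovery behaviours flagged in the report,
run over constructed sandbox events.  Added example; not code from the
sandbox or the report.  Event format is an assumption: 'pid|operation|path'."""
import re
from dataclasses import dataclass, field

# Registry keys (lower-cased) where Windows stores the configured country and
# locale.  A sample that reads these early on is usually checking a geofence.
LOCATION_KEYS = {
    r"hkey_current_user\control panel\international",
    r"hkey_local_machine\system\currentcontrolset\control\nls\language",
}
LOCATION_VALUES = {"scountry", "icountry", "localename", "slanguage",
                   "installlanguage", "default"}

# A bare drive root such as "D:" or "D:\" with no further path component.
DRIVE_ROOT = re.compile(r"^([A-Za-z]):\\?$")

# Constructed events in the assumed 'pid|operation|path' format (not taken
# from the report).  Registry paths use raw strings; drive roots are escaped
# because a raw string cannot end in a backslash.
SAMPLE_EVENTS = [
    r"4120|RegQueryValue|HKEY_CURRENT_USER\Control Panel\International\sCountry",
    r"4120|RegQueryValue|HKEY_CURRENT_USER\Control Panel\International\LocaleName",
    r"4120|RegQueryValue|HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
    "4120|CreateFile|C:\\",
    "4120|CreateFile|D:\\",
    "4120|CreateFile|E:",
    "4120|CreateFile|C:\\Users\\Public\\note.txt",
]


@dataclass
class Findings:
    location_lookups: list = field(default_factory=list)  # registry values read
    drive_roots: list = field(default_factory=list)        # drive letters opened at root

    def signatures(self) -> set:
        """Map the raw findings onto the behaviour names used in the report."""
        sigs = set()
        if self.location_lookups:
            sigs.add("Checks computer location settings")
        # The report's definition: root of a drive other than the default C:.
        if any(letter != "C" for letter in self.drive_roots):
            sigs.add("Enumerates connected drives")
        return sigs


def analyze(events) -> Findings:
    """Walk event lines and collect location lookups and drive-root opens."""
    findings = Findings()
    for line in events:
        try:
            _pid, op, path = line.strip().split("|", 2)
        except ValueError:
            continue  # malformed line: skip rather than crash on a real export
        if op == "RegQueryValue" and "\\" in path:
            key, value = path.rsplit("\\", 1)
            if key.lower() in LOCATION_KEYS and value.lower() in LOCATION_VALUES:
                findings.location_lookups.append(value)
        elif op in ("CreateFile", "QueryDirectory"):
            match = DRIVE_ROOT.match(path)
            if match:
                findings.drive_roots.append(match.group(1).upper())
    return findings


if __name__ == "__main__":
    result = analyze(SAMPLE_EVENTS)
    print("location lookups:", result.location_lookups)
    print("drive roots opened:", result.drive_roots)
    print("signatures:", sorted(result.signatures()))
```

    Opening `C:\` alone does not fire the drive-enumeration signature, matching the report's wording; only `D:` and `E:` count. The unrelated `Run\Updater` query is ignored because only the exact locale keys and value names are matched, which keeps the geofence signature from firing on ordinary registry activity.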

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic      Technique                       Count  ID
  Discovery   Query Registry                  2      T1012
  Discovery   System Information Discovery    3      T1082
  Discovery   Peripheral Device Discovery     1      T1120

Tasks