Overview

overview

10

Static

static

10

2023-FILES...DF.jar

windows7-x64

1

2023-FILES...DF.jar

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2023-FILES-MY1040-w2-IRS-letter-1099r_PDF.zip

  • Size

    747KB

  • Sample

    240208-ajb58sbe54

  • MD5

    0c3a3f672bc53a81c2e704de785108f6

  • SHA1

    41bc84ba7a876c9b9f5e395e9da1bb7d7c071e4c

  • SHA256

    892259f6f9ac19e8375b35e6838c0c4f17052041306f199eb59b6857fe07bedf

  • SHA512

    0e56073030172199dcd1ccf68792aa44f63d1f7a3f78f1ca18984bc145785486efb621bbad9a541f810418c398e4a229a78f7f17c096891dcdd8744e9eceb852

  • SSDEEP

    12288:Ke4+jpMAzLogfmWFnJpv+qENiyYehDkbDQMuhqT2OD3ErWF8jkTpdlDg5LpYxWXO:KeFGAww/FnJpREoBesDd3243FFv5gtpe

Score
10/10
rattydiscoverypersistencerattrojan

Malware Config

Targets

    • Target

      2023-FILES-MY1040-w2-IRS-letter-1099r_PDF.jar

    • Size

      761KB

    • MD5

      22e4d501be6ca69e29bc2a21782bd9e1

    • SHA1

      93bd6f32a6afec897679ec96feb72627ea79d6ef

    • SHA256

      1b7560d64e9fc2a468cc3e251669dd05df851f6432b8f3c373f06bd6aaf82d31

    • SHA512

      f4b836bc1aaaece82e2ef590bb214227c23578d57f8e4caf6778f269b85b4337dda99a8f43cb5d286b44528c8d7ac25e6d42a899a98dcdc6047aeb59fdea3c83

    • SSDEEP

      12288:XClCM+jp72GYshJCa65jUXBosjWhMMJWX7AfoJLTpbyjkGZnCgAJt5JEXOG4Ir:XClCRMGhz6JOi4XMwXWoJHUYYnCgAJru

    Score
    10/10
    rattydiscoverypersistencerattrojan

    • Ratty

      Ratty is an open source Java Remote Access Tool.

      trojanratratty

    • Ratty Rat payload

    • Drops startup file

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

File and Directory Permissions Modification

1
T1222

Modify Registry

2
T1112

Hide Artifacts

1
T1564

Hidden Files and Directories

1
T1564.001

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks