ratty | 892259f6f9ac19e8375b35e6838c0c4f17052041306f199eb59b6857fe07bedf | Triage

Sharing

General

Target

2023-FILES-MY1040-w2-IRS-letter-1099r_PDF.zip
Size

747KB
Sample

240208-ajb58sbe54
MD5

0c3a3f672bc53a81c2e704de785108f6
SHA1

41bc84ba7a876c9b9f5e395e9da1bb7d7c071e4c
SHA256

892259f6f9ac19e8375b35e6838c0c4f17052041306f199eb59b6857fe07bedf
SHA512

0e56073030172199dcd1ccf68792aa44f63d1f7a3f78f1ca18984bc145785486efb621bbad9a541f810418c398e4a229a78f7f17c096891dcdd8744e9eceb852
SSDEEP

12288:Ke4+jpMAzLogfmWFnJpv+qENiyYehDkbDQMuhqT2OD3ErWF8jkTpdlDg5LpYxWXO:KeFGAww/FnJpREoBesDd3243FFv5gtpe

Score

10^/10

ratty discovery persistence rat trojan

Malware Config

Targets

- Target
  
  2023-FILES-MY1040-w2-IRS-letter-1099r_PDF.jar
- Size
  
  761KB
- MD5
  
  22e4d501be6ca69e29bc2a21782bd9e1
- SHA1
  
  93bd6f32a6afec897679ec96feb72627ea79d6ef
- SHA256
  
  1b7560d64e9fc2a468cc3e251669dd05df851f6432b8f3c373f06bd6aaf82d31
- SHA512
  
  f4b836bc1aaaece82e2ef590bb214227c23578d57f8e4caf6778f269b85b4337dda99a8f43cb5d286b44528c8d7ac25e6d42a899a98dcdc6047aeb59fdea3c83
- SSDEEP
  
  12288:XClCM+jp72GYshJCa65jUXBosjWhMMJWX7AfoJLTpbyjkGZnCgAJt5JEXOG4Ir:XClCRMGhz6JOi4XMwXWoJHUYYnCgAJru
Score

10^/10

ratty discovery persistence rat trojan
- Ratty
  Ratty is an open source Java Remote Access Tool.
  trojan rat ratty
- Ratty Rat payload
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

File and Directory Permissions Modification

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

rattydiscoverypersistencerattrojan