General

  • Target

    2023-FILES-MY1040-w2-IRS-letter-1099r_PDF.zip

  • Size

    747KB

  • Sample

    240209-vbp3caeg63

  • MD5

    bb78624ef9c84c64dc0451fd65cf04f5

  • SHA1

    9163710bcda4be6efb726dae5cb958ac86febe9a

  • SHA256

    49110af00cc7ff0fd496c1cecade5412c31b26bef815cd32260cc575b21df441

  • SHA512

    4c2532abb63b9bd9bde2d214c6bbfbbf30947218eaa0acfaafaeaf245e1dc7398438d14e83d6adf89f13c2f1c63e9336ed60d6a7a4a8f8180e852acefd1feaf0

  • SSDEEP

    12288:Ve4+jpMAzLogfmWFnBKJE4XIPiaa6d6wgMXLhVZL2FEl8zrsqlSU8W8bNIzWSeFE:VeFGAww/Fnp4Xw+wjZi/sq8qcyePfnu

Malware Config

Targets

    • Target

      2023-FILES-MY1040-w2-IRS-letter-1099r_PDF.jar

    • Size

      761KB

    • MD5

      17bf81109991d0d312020200f79f3811

    • SHA1

      f2dbc4b212bfc7bbcdc4788e9e3b08eb95429d88

    • SHA256

      fb420fbabbd1bb240d07d01b3841943d457b9ccc0f019e4b7b80973d8a282d57

    • SHA512

      cbd42dbdea33882a0d6d5b959a876d95adedd4b157c0da6d326b28fb85af9363f12c2e8d89a18f51e8d5dc1a902177e87aa42009d96575777c8c920fe8539b1b

    • SSDEEP

      12288:3ClC9+jpc2G/dhJPa/5jUaKIJ9Rey6CbtQydDR8Fh5nsrD4f/d0hWSdWhJvRvlc0:3ClCyNGLE/JH9wyRDRSdOMNrCWTvLc/8

    • Ratty

      Ratty is an open source Java Remote Access Tool.

    • Ratty Rat payload

    • Drops startup file

    • Loads dropped DLL

    • Modifies file permissions

    • Adds Run key to start application
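
The delivery chain above is a zip archive whose only interesting member is a Java archive named to look like a PDF (`..._PDF.jar`). The script below is an added triage example, not tooling from the sandbox or from the Ratty project: it opens such an archive, flags executable members and document-lookalike names, pulls `Main-Class` from the jar manifest and records the same hash set the report lists. The archive it runs on is constructed in memory (the inner jar and its `example.Loader` class are invented stand-ins, not the real payload), so it runs offline; point `triage_zip` at real bytes to use it on a sample.

```python
"""Static triage of a zip lure that wraps a Java archive.

Added example, not part of the sandbox report. The archive built by
build_sample() is a constructed stand-in; function names are this
example's own.
"""
import hashlib
import io
import re
import zipfile

# Members that execute on double-click when a JRE is installed.
EXEC_EXTS = (".jar",)
# Document-looking token in front of the real, executable extension.
LURE_RE = re.compile(r"_(pdf|doc|docx|xls|xlsx)\.(jar|exe|js|vbs|scr)$", re.I)


def hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 of a byte string, hex-encoded as in the report."""
    return {
        name: hashlib.new(name, data).hexdigest()
        for name in ("md5", "sha1", "sha256", "sha512")
    }


def jar_main_class(jar_bytes: bytes):
    """Return Main-Class from META-INF/MANIFEST.MF, or None if not a jar."""
    try:
        with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
            manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except (zipfile.BadZipFile, KeyError):
        return None
    for line in manifest.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "Main-Class":
            return value.strip()
    return None


def triage_zip(zip_bytes: bytes) -> list:
    """Describe each member; flag executable members and lure-style names."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as outer:
        for info in outer.infolist():
            data = outer.read(info)
            findings.append({
                "name": info.filename,
                "size": len(data),
                "is_executable": info.filename.lower().endswith(EXEC_EXTS),
                "lure_name": bool(LURE_RE.search(info.filename)),
                "main_class": jar_main_class(data),
                **hashes(data),
            })
    return findings


def build_sample() -> bytes:
    """Constructed stand-in for the lure: a zip holding a minimal jar.
    The manifest Main-Class and class bytes are invented for the example."""
    jar_buf = io.BytesIO()
    with zipfile.ZipFile(jar_buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF",
                     "Manifest-Version: 1.0\r\nMain-Class: example.Loader\r\n\r\n")
        jar.writestr("example/Loader.class", b"\xca\xfe\xba\xbe" + b"\0" * 28)
    outer_buf = io.BytesIO()
    with zipfile.ZipFile(outer_buf, "w") as outer:
        outer.writestr("2023-FILES-MY1040-w2-IRS-letter-1099r_PDF.jar",
                       jar_buf.getvalue())
    return outer_buf.getvalue()


if __name__ == "__main__":
    for f in triage_zip(build_sample()):
        verdict = "SUSPICIOUS" if (f["is_executable"] or f["lure_name"]) else "ok"
        print(f"{verdict:10} {f['name']} ({f['size']} bytes) "
              f"main={f['main_class']} sha256={f['sha256']}")
```

On a real sample the `sha256` field for the inner member should equal the jar hash in the report's Targets section; a mismatch means the archive you hold is not the one that was analysed.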

MITRE ATT&CK Matrix (ATT&CK v13)

The number in parentheses is the count of triggered signatures mapped to each technique.

  • Persistence

    T1547 Boot or Logon Autostart Execution (1)
    T1547.001 Registry Run Keys / Startup Folder (1)

  • Privilege Escalation

    T1547 Boot or Logon Autostart Execution (1)
    T1547.001 Registry Run Keys / Startup Folder (1)

  • Defense Evasion

    T1222 File and Directory Permissions Modification (1)
    T1112 Modify Registry (2)
    T1564 Hide Artifacts (1)
    T1564.001 Hidden Files and Directories (1)
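
The matrix above is the sandbox's roll-up of behaviour events into technique counts. The code below is an added example of that mapping, not the sandbox's own rules and not Ratty code: it classifies simple behaviour records (Run-key writes, Startup-folder drops, hidden attributes, ACL-tool launches) into the techniques the report lists and counts them. The event records and their field names (`type`, `key`, `value`, `path`, `attributes`, `cmdline`) are a constructed schema for the example; the `javaw.exe -jar` launch pattern in `java_autostart` is an assumption about how a Java RAT persists, since the report does not show the actual command line.

```python
"""Map behaviour events to the ATT&CK techniques in the report's matrix.

Added example, not sandbox tooling. SAMPLE_EVENTS and the event schema
are constructed for illustration.
"""
import re
from collections import Counter

RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
STARTUP_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
ACL_TOOL_RE = re.compile(r"\b(icacls|cacls|takeown)(\.exe)?\b", re.I)
# Assumed persistence shape for a Java RAT: java/javaw launching a .jar.
JAVA_JAR_RE = re.compile(r"\bjavaw?(\.exe)?\b.*\.jar\b", re.I)


def classify(event: dict) -> set:
    """ATT&CK technique IDs implied by one event (empty set if none)."""
    hits = set()
    kind = event.get("type")
    if kind == "registry_set" and RUN_KEY_RE.search(event.get("key", "")):
        hits.update({"T1547.001", "T1112"})   # Run key: autostart + registry modification
    if kind == "file_write" and STARTUP_RE.search(event.get("path", "")):
        hits.add("T1547.001")                  # Startup folder drop
    attrs = [a.lower() for a in event.get("attributes", [])]
    if kind == "file_attrib" and "hidden" in attrs:
        hits.add("T1564.001")                  # Hidden Files and Directories
    if kind == "process" and ACL_TOOL_RE.search(event.get("cmdline", "")):
        hits.add("T1222")                      # File and Directory Permissions Modification
    return hits


def java_autostart(event: dict) -> bool:
    """True when a Run-key value or Startup drop launches a .jar (assumed RAT shape)."""
    if event.get("type") == "registry_set":
        target = event.get("value", "")
    else:
        target = event.get("path", "")
    return bool(JAVA_JAR_RE.search(target)) or target.lower().endswith(".jar")


def summarize(events: list) -> dict:
    """Count technique hits over an event stream, like the report's matrix."""
    counts = Counter()
    for ev in events:
        counts.update(classify(ev))
    return dict(counts)


SAMPLE_EVENTS = [  # constructed records, not sandbox output
    {"type": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "value": r'"C:\Program Files\Java\jre\bin\javaw.exe" -jar "C:\Users\u\AppData\Roaming\upd.jar"'},
    {"type": "file_write",
     "path": r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.jar"},
    {"type": "file_attrib", "path": r"C:\Users\u\AppData\Roaming\upd.jar",
     "attributes": ["hidden", "readonly"]},
    {"type": "process",
     "cmdline": r'icacls "C:\Users\u\AppData\Roaming\upd.jar" /deny Everyone:(D)'},
    {"type": "file_write", "path": r"C:\Users\u\Documents\notes.txt"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        tag = " java-autostart" if java_autostart(ev) else ""
        print(sorted(classify(ev)), tag, ev.get("key") or ev.get("path") or ev.get("cmdline"))
    print(summarize(SAMPLE_EVENTS))
```

Note that one Run-key write produces both T1547.001 and T1112, which is why a single persistence action can appear under more than one tactic in a matrix like the one above.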

Tasks