ratty | 49110af00cc7ff0fd496c1cecade5412c31b26bef815cd32260cc575b21df441 | Triage

Sharing

General

Target

2023-FILES-MY1040-w2-IRS-letter-1099r_PDF.zip
Size

747KB
Sample

240209-vbp3caeg63
MD5

bb78624ef9c84c64dc0451fd65cf04f5
SHA1

9163710bcda4be6efb726dae5cb958ac86febe9a
SHA256

49110af00cc7ff0fd496c1cecade5412c31b26bef815cd32260cc575b21df441
SHA512

4c2532abb63b9bd9bde2d214c6bbfbbf30947218eaa0acfaafaeaf245e1dc7398438d14e83d6adf89f13c2f1c63e9336ed60d6a7a4a8f8180e852acefd1feaf0
SSDEEP

12288:Ve4+jpMAzLogfmWFnBKJE4XIPiaa6d6wgMXLhVZL2FEl8zrsqlSU8W8bNIzWSeFE:VeFGAww/Fnp4Xw+wjZi/sq8qcyePfnu

Score

10^/10

ratty discovery persistence rat trojan

Malware Config

Targets

- Target
  
  2023-FILES-MY1040-w2-IRS-letter-1099r_PDF.jar
- Size
  
  761KB
- MD5
  
  17bf81109991d0d312020200f79f3811
- SHA1
  
  f2dbc4b212bfc7bbcdc4788e9e3b08eb95429d88
- SHA256
  
  fb420fbabbd1bb240d07d01b3841943d457b9ccc0f019e4b7b80973d8a282d57
- SHA512
  
  cbd42dbdea33882a0d6d5b959a876d95adedd4b157c0da6d326b28fb85af9363f12c2e8d89a18f51e8d5dc1a902177e87aa42009d96575777c8c920fe8539b1b
- SSDEEP
  
  12288:3ClC9+jpc2G/dhJPa/5jUaKIJ9Rey6CbtQydDR8Fh5nsrD4f/d0hWSdWhJvRvlc0:3ClCyNGLE/JH9wyRDRSdOMNrCWTvLc/8
Score

10^/10

ratty discovery persistence rat trojan
- Ratty
  Ratty is an open source Java Remote Access Tool.
  trojan rat ratty
- Ratty Rat payload
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

File and Directory Permissions Modification

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

rattydiscoverypersistencerattrojan