General

  • Target

    W2-AND-1099-A_PDF.jar

  • Size

    619KB

  • Sample

    240228-xbzynaba9w

  • MD5

    e09c100ccd2443603da3bc66f4564424

  • SHA1

    0e0a646879fb797e5b6e88bd3fc870be5116c2d7

  • SHA256

    7336bbbddf551fc0bc36d820cb702452750e426608b5caf0cc92707c41499be3

  • SHA512

    cce226c3785b741dcd1aed871d691818a04d84ea87c37eeaad835a5091ec0748372c7b96dc8271bb71fd0d3461090153a11519ac4c3cb9305f0f399e4fa55432

  • SSDEEP

    12288:pzw60AvjBPrtU7ebS7Qzx9qjF5jURClCn+jprJaA2GvhJv:e60GjBPriib3zT4FJ0ClCQ2LG5B

Targets

    • Target

      W2-AND-1099-A_PDF.jar

    • Ratty

      Ratty is an open source Java Remote Access Tool.

    • Ratty Rat payload

    • Drops startup file

    • Loads dropped DLL

    • Modifies file permissions

    • Adds Run key to start application
