ratty | 7336bbbddf551fc0bc36d820cb702452750e426608b5caf0cc92707c41499be3 | Triage

Sharing

General

Target

cza7vd9VH8C8Ntggy3AkUnUOQmYItcrwzJJwfEFJm_M.bin
Size

619KB
Sample

240228-xwdk6abf51
MD5

e09c100ccd2443603da3bc66f4564424
SHA1

0e0a646879fb797e5b6e88bd3fc870be5116c2d7
SHA256

7336bbbddf551fc0bc36d820cb702452750e426608b5caf0cc92707c41499be3
SHA512

cce226c3785b741dcd1aed871d691818a04d84ea87c37eeaad835a5091ec0748372c7b96dc8271bb71fd0d3461090153a11519ac4c3cb9305f0f399e4fa55432
SSDEEP

12288:pzw60AvjBPrtU7ebS7Qzx9qjF5jURClCn+jprJaA2GvhJv:e60GjBPriib3zT4FJ0ClCQ2LG5B

Score

10^/10

ratty discovery persistence rat trojan

Malware Config

Targets

- Target
  
  cza7vd9VH8C8Ntggy3AkUnUOQmYItcrwzJJwfEFJm_M.bin
- Size
  
  619KB
- MD5
  
  e09c100ccd2443603da3bc66f4564424
- SHA1
  
  0e0a646879fb797e5b6e88bd3fc870be5116c2d7
- SHA256
  
  7336bbbddf551fc0bc36d820cb702452750e426608b5caf0cc92707c41499be3
- SHA512
  
  cce226c3785b741dcd1aed871d691818a04d84ea87c37eeaad835a5091ec0748372c7b96dc8271bb71fd0d3461090153a11519ac4c3cb9305f0f399e4fa55432
- SSDEEP
  
  12288:pzw60AvjBPrtU7ebS7Qzx9qjF5jURClCn+jprJaA2GvhJv:e60GjBPriib3zT4FJ0ClCQ2LG5B
Score

10^/10

ratty discovery persistence rat trojan
- Ratty
  Ratty is an open source Java Remote Access Tool.
  trojan rat ratty
- Ratty Rat payload
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

rattydiscoverypersistencerattrojan