Overview

overview

10

Static

static

10

W2-AND-1095-A_PDF.jar

windows7-x64

1

W2-AND-1095-A_PDF.jar

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    W2-AND-1095-A_PDF.jar

  • Size

    766KB

  • Sample

    240229-vdbyhafd96

  • MD5

    7e3adb5fe223d34464fd3da3cc2aebc9

  • SHA1

    fd6123aa0e064e9a71873ac2d6ff05555dd44532

  • SHA256

    35457ef70c460a876c61331b98913095482ebd5ca1fa08de5f50efefcce38c31

  • SHA512

    233325833e309eaacc9af1b3ebe82de3b1141e9ec16b2ebf027a5f961f0f000181acc7615f0c9fb2b800f814a9c68462e61803f01cfd2f27f3e0781f4f8d60ae

  • SSDEEP

    12288:PClCt+jpc2GXdhJ/af5jUPJLsZ8A3K6aZZI6rlGE6uFehPfDmNCzD6tRMaSjX33c:PClCC1GjEfJgJAHsZZt0ENMhPb8iD6t9

Score
10/10
rattydiscoverypersistencerattrojan

Malware Config

Targets

    • Target

      W2-AND-1095-A_PDF.jar

    • Size

      766KB

    • MD5

      7e3adb5fe223d34464fd3da3cc2aebc9

    • SHA1

      fd6123aa0e064e9a71873ac2d6ff05555dd44532

    • SHA256

      35457ef70c460a876c61331b98913095482ebd5ca1fa08de5f50efefcce38c31

    • SHA512

      233325833e309eaacc9af1b3ebe82de3b1141e9ec16b2ebf027a5f961f0f000181acc7615f0c9fb2b800f814a9c68462e61803f01cfd2f27f3e0781f4f8d60ae

    • SSDEEP

      12288:PClCt+jpc2GXdhJ/af5jUPJLsZ8A3K6aZZI6rlGE6uFehPfDmNCzD6tRMaSjX33c:PClCC1GjEfJgJAHsZZt0ENMhPb8iD6t9

    Score
    10/10
    rattydiscoverypersistencerattrojan

    • Ratty

      Ratty is an open source Java Remote Access Tool.

      trojanratratty

    • Ratty Rat payload

    • Drops startup file

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

File and Directory Permissions Modification

1
T1222

Modify Registry

2
T1112

Hide Artifacts

1
T1564

Hidden Files and Directories

1
T1564.001

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks