runningrat | 7d693069636a46d7d430ced104854e7a19da09fc0b1e9c43e6ac55ab52bd8eea | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

tmp.exe

windows7-x64

tmp.exe

windows10-2004-x64

Sharing

General

Target

tmp
Size

48KB
Sample

240301-zb8a5sda98
MD5

d65c7a3cb25eb79571854b5fab17be35
SHA1

6c980e0357dea99771704f3f122d369d90fefd5f
SHA256

7d693069636a46d7d430ced104854e7a19da09fc0b1e9c43e6ac55ab52bd8eea
SHA512

bcd1a7598f1740e3838592c4a853e04caa78709a98454be0f8ab7cc2a4973c12e639192f676504ee97c7cbc6e34278011d998656ac8f81dccfc56e7455eb7678
SSDEEP

768:zynb12Aw5J6HC4kq5Jp9bjAzhyY55J+NStcEeUlyqgZl4p67VhPC:Ub1MsHz3JDwhyWr+N95OTga6u

Score

10^/10

runningrat persistence rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

tmp.exe

Resource

win7-20240215-en

runningrat persistence rat

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

tmp.exe

Resource

win10v2004-20240226-en

runningrat persistence rat

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  tmp
- Size
  
  48KB
- MD5
  
  d65c7a3cb25eb79571854b5fab17be35
- SHA1
  
  6c980e0357dea99771704f3f122d369d90fefd5f
- SHA256
  
  7d693069636a46d7d430ced104854e7a19da09fc0b1e9c43e6ac55ab52bd8eea
- SHA512
  
  bcd1a7598f1740e3838592c4a853e04caa78709a98454be0f8ab7cc2a4973c12e639192f676504ee97c7cbc6e34278011d998656ac8f81dccfc56e7455eb7678
- SSDEEP
  
  768:zynb12Aw5J6HC4kq5Jp9bjAzhyY55J+NStcEeUlyqgZl4p67VhPC:Ub1MsHz3JDwhyWr+N95OTga6u
Score

10^/10

runningrat persistence rat
- RunningRat
  RunningRat is a remote access trojan first seen in 2018.
  rat runningrat
- Sets DLL path for service in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Creates a Windows Service
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

runningratpersistencerat

behavioral2

runningratpersistencerat

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.