runningrat | 2e8018f36f3e682f8c8f407448cb2c41e639707c251ae5877090d61286143ba4 | Triage

Sharing

General

Target

awfasf.exe
Size

68KB
Sample

240314-paaclsdh38
MD5

c3e87d5de68cefd51bdd950b3d6c488b
SHA1

78086f01b5aacf7f7bd13e62d842f0e89b36662a
SHA256

2e8018f36f3e682f8c8f407448cb2c41e639707c251ae5877090d61286143ba4
SHA512

6929ae82a700e55d953c753b7aff2c8e4db0717a18bbc20bd502223a8dd17d5dce1ea4e2d9c081206826a4c006285b2a26042e8bf8e3110ae03d517048279962
SSDEEP

768:BCB8S+OR7dOahyoHokBtqN74W7bZZmYb9PyzcjRlYlwa6NVdkPnJJMIWV:BHJaAoHoc2x7bZoYBAcQlwJdMq

Score

10^/10

runningrat persistence rat

Malware Config

Targets

- Target
  
  awfasf.exe
- Size
  
  68KB
- MD5
  
  c3e87d5de68cefd51bdd950b3d6c488b
- SHA1
  
  78086f01b5aacf7f7bd13e62d842f0e89b36662a
- SHA256
  
  2e8018f36f3e682f8c8f407448cb2c41e639707c251ae5877090d61286143ba4
- SHA512
  
  6929ae82a700e55d953c753b7aff2c8e4db0717a18bbc20bd502223a8dd17d5dce1ea4e2d9c081206826a4c006285b2a26042e8bf8e3110ae03d517048279962
- SSDEEP
  
  768:BCB8S+OR7dOahyoHokBtqN74W7bZZmYb9PyzcjRlYlwa6NVdkPnJJMIWV:BHJaAoHoc2x7bZoYBAcQlwJdMq
Score

10^/10

runningrat persistence rat
- RunningRat
  RunningRat is a remote access trojan first seen in 2018.
  rat runningrat
- RunningRat payload
- Sets DLL path for service in the registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

runningratpersistencerat

behavioral2

runningratpersistencerat