General
-
Target
018e4cd2137de20e2142fd999d9befdf_JaffaCakes118
-
Size
415KB
-
Sample
240328-km5basec89
-
MD5
018e4cd2137de20e2142fd999d9befdf
-
SHA1
cd37af8a3b23ae0b223ae3e52c3c5b683deb23a0
-
SHA256
9832570f59982ffca53c953d3d58c95e1224ffe236fa401d3e8a2cdfe71b717c
-
SHA512
6c0ccf4c049ee705d884539857b1190e89f22567bd726b1c0f31e46ffe7392051860e124e40129fd70b6dd5b6d1c5110d5ec14400b37be00a4c228a565f2b422
-
SSDEEP
12288:TFAzU67etJXECDCXUxqyNq4D8HkxU5YCyNU:TFG77etR7CXUxfNqQxUINU
Malware Config
Targets
-
-
Target
018e4cd2137de20e2142fd999d9befdf_JaffaCakes118
-
Size
415KB
-
MD5
018e4cd2137de20e2142fd999d9befdf
-
SHA1
cd37af8a3b23ae0b223ae3e52c3c5b683deb23a0
-
SHA256
9832570f59982ffca53c953d3d58c95e1224ffe236fa401d3e8a2cdfe71b717c
-
SHA512
6c0ccf4c049ee705d884539857b1190e89f22567bd726b1c0f31e46ffe7392051860e124e40129fd70b6dd5b6d1c5110d5ec14400b37be00a4c228a565f2b422
-
SSDEEP
12288:TFAzU67etJXECDCXUxqyNq4D8HkxU5YCyNU:TFG77etR7CXUxfNqQxUINU
Score10/10-
Ratty
Ratty is an open source Java Remote Access Tool.
-
Ratty Rat payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-