Resubmissions

03-04-2024 18:51

240403-xhlplshe4x 10

03-04-2024 18:47

240403-xfehhshg79 10

General

  • Target: Tax_documents_JPG.jar
  • Size: 429KB
  • Sample: 240403-xfehhshg79
  • MD5: b600058b62cbca0ace1c87e4dc1eab56
  • SHA1: 16cfb0fbf7fa4b821c6313a9512f1b04aa693813
  • SHA256: 811de6570cf64d430a2c0af6fd2ce4214e61d5fd6f7adaae6d1bf4791b4d11e0
  • SHA512: af0e7c3d18b659204b7b78ec948feeae04e47d4d0210ef32833278d078fbe6f3d8a9de3cdd8364e7f4b89dec372cd47dbde4d478c9b78641c080301490936d82
  • SSDEEP: 6144:LxHPsAEkCqNL+MbHEMVw4zYr/mglY20Ozj/fjRs+Cxd32oSTklkCNPaawJzkfpSy:ekCqPkgpsr/JzynSTtir0usYPuJ6Aax

Malware Config

Targets

    • Target: Tax_documents_JPG.jar (hashes as listed under General above)

    • Ratty: Ratty is an open source Java Remote Access Tool.
    • Ratty Rat payload
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
    • Drops startup file
    • Loads dropped DLL
    • Modifies file permissions
    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic                Technique                                      Count  ID
Persistence           Boot or Logon Autostart Execution              1      T1547
Persistence             Registry Run Keys / Startup Folder           1      T1547.001
Privilege Escalation  Boot or Logon Autostart Execution              1      T1547
Privilege Escalation    Registry Run Keys / Startup Folder           1      T1547.001
Defense Evasion       File and Directory Permissions Modification    1      T1222
Defense Evasion       Modify Registry                                2      T1112
Defense Evasion       Hide Artifacts                                 1      T1564
Defense Evasion         Hidden Files and Directories                 1      T1564.001
Discovery             Query Registry                                 1      T1012
Discovery             System Information Discovery                   2      T1082

Tasks