General

  • Target: af7f264ed40f293a01ee685ee7d42daf_JaffaCakes118
  • Size: 332KB
  • Sample: 240404-eynj2aee6w
  • MD5: af7f264ed40f293a01ee685ee7d42daf
  • SHA1: a20caef9550c2ae144529b60598b5f58e63a409a
  • SHA256: 2436fa28a278522c298b3a398ddc553c96c4be29ae7b433a999ad49ac71d656c
  • SHA512: 05a060fe3d4b9f92180987d742e5ecad0deb1c5d2cbb1deec0fb31af8ddc5aa867b73ac0b9af02a764c453ba50fc4e9bd6d42b83b294a9e9bcf91b32c34ded7d
  • SSDEEP: 6144:JZjgS007NNMX/+DoklCAFNWClCA+jp02GmaZ/ZJSEPavLFjt+WU:JZNNNzbCClCA+jp02GmWhJnav5jU7

Malware Config

Targets

    • Ratty: Ratty is an open source Java Remote Access Tool.
    • Ratty Rat payload
    • Drops startup file
    • Loads dropped DLL
    • Modifies file permissions
    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
  • T1547 Boot or Logon Autostart Execution (1)
  • T1547.001 Registry Run Keys / Startup Folder (1)

Privilege Escalation
  • T1547 Boot or Logon Autostart Execution (1)
  • T1547.001 Registry Run Keys / Startup Folder (1)

Defense Evasion
  • T1222 File and Directory Permissions Modification (1)
  • T1112 Modify Registry (2)
  • T1564 Hide Artifacts (1)
  • T1564.001 Hidden Files and Directories (1)

Tasks