Overview

overview

10

Static

static

10

293bb44126...4f.jar

windows7-x64

1

293bb44126...4f.jar

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    293bb44126b4c7b7a49822d7a10e873f57daba7c2e4c4a9116bc28659d03744f

  • Size

    634KB

  • Sample

    240405-pg217sbg3y

  • MD5

    d5a37c856d0e9668881e2b16bd467d16

  • SHA1

    ebda2eab3ac988d7819c75f6ab189d498c927c17

  • SHA256

    293bb44126b4c7b7a49822d7a10e873f57daba7c2e4c4a9116bc28659d03744f

  • SHA512

    520a9790d791683c26ef68fef5d98b0051ac902b76d93586feb5617bdfd84f239e35c0287d4d2da0ff28439166e6cc06b5d14abac88007919e6d655360036f63

  • SSDEEP

    12288:QdEThNA1mApKnMcL0mcjkJyiS5jUjClC/+jp5Uam2G+hJDW:Og7AsAEnMcL0DjksiSJmClCo3xGu1W

Score
10/10
rattydiscoverypersistencerattrojan

Malware Config

Targets

    • Target

      293bb44126b4c7b7a49822d7a10e873f57daba7c2e4c4a9116bc28659d03744f

    • Size

      634KB

    • MD5

      d5a37c856d0e9668881e2b16bd467d16

    • SHA1

      ebda2eab3ac988d7819c75f6ab189d498c927c17

    • SHA256

      293bb44126b4c7b7a49822d7a10e873f57daba7c2e4c4a9116bc28659d03744f

    • SHA512

      520a9790d791683c26ef68fef5d98b0051ac902b76d93586feb5617bdfd84f239e35c0287d4d2da0ff28439166e6cc06b5d14abac88007919e6d655360036f63

    • SSDEEP

      12288:QdEThNA1mApKnMcL0mcjkJyiS5jUjClC/+jp5Uam2G+hJDW:Og7AsAEnMcL0DjksiSJmClCo3xGu1W

    Score
    10/10
    rattydiscoverypersistencerattrojan

    • Ratty

      Ratty is an open source Java Remote Access Tool.

      trojanratratty

    • Ratty Rat payload

    • Drops startup file

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

File and Directory Permissions Modification

1
T1222

Modify Registry

2
T1112

Hide Artifacts

1
T1564

Hidden Files and Directories

1
T1564.001

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks