Overview

overview

10

Static

static

10

d8f2a7d4fb...18.exe

windows7-x64

10

d8f2a7d4fb...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d8f2a7d4fb066f89ff7806603ea0192a_JaffaCakes118

  • Size

    68KB

  • Sample

    240405-t2seqagh7v

  • MD5

    d8f2a7d4fb066f89ff7806603ea0192a

  • SHA1

    f75e9b15ae4c7ab7160cc9e3ae668bcf545af03a

  • SHA256

    fa8405c6d4f14f21f1e90a918d7fc1dea5fc151c183631751f32146c11198974

  • SHA512

    6ffaea68d23798bebed122cbc4334c1db1c0cddf3e07beb7a641f1ba91197c2110c7d2f46bb5d57d9db8828230020da71cd7a9df3a6d04514b02fd532cfc2631

  • SSDEEP

    768:BCB8S+OR7dOahyoHokBtqN74W7bZZmYb9PyzcjRlYlwa6NVdkPnJJMIzDV:BHJaAoHoc2x7bZoYBAcQlwJdM3

Score
10/10
runningratpersistencerat

Malware Config

Targets

    • Target

      d8f2a7d4fb066f89ff7806603ea0192a_JaffaCakes118

    • Size

      68KB

    • MD5

      d8f2a7d4fb066f89ff7806603ea0192a

    • SHA1

      f75e9b15ae4c7ab7160cc9e3ae668bcf545af03a

    • SHA256

      fa8405c6d4f14f21f1e90a918d7fc1dea5fc151c183631751f32146c11198974

    • SHA512

      6ffaea68d23798bebed122cbc4334c1db1c0cddf3e07beb7a641f1ba91197c2110c7d2f46bb5d57d9db8828230020da71cd7a9df3a6d04514b02fd532cfc2631

    • SSDEEP

      768:BCB8S+OR7dOahyoHokBtqN74W7bZZmYb9PyzcjRlYlwa6NVdkPnJJMIzDV:BHJaAoHoc2x7bZoYBAcQlwJdM3

    Score
    10/10
    runningratpersistencerat

    • RunningRat

      RunningRat is a remote access trojan first seen in 2018.

      ratrunningrat

    • RunningRat payload

    • Sets DLL path for service in the registry

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks