runningrat | fa8405c6d4f14f21f1e90a918d7fc1dea5fc151c183631751f32146c11198974 | Triage

Sharing

General

Target

d8f2a7d4fb066f89ff7806603ea0192a_JaffaCakes118
Size

68KB
Sample

240405-t2seqagh7v
MD5

d8f2a7d4fb066f89ff7806603ea0192a
SHA1

f75e9b15ae4c7ab7160cc9e3ae668bcf545af03a
SHA256

fa8405c6d4f14f21f1e90a918d7fc1dea5fc151c183631751f32146c11198974
SHA512

6ffaea68d23798bebed122cbc4334c1db1c0cddf3e07beb7a641f1ba91197c2110c7d2f46bb5d57d9db8828230020da71cd7a9df3a6d04514b02fd532cfc2631
SSDEEP

768:BCB8S+OR7dOahyoHokBtqN74W7bZZmYb9PyzcjRlYlwa6NVdkPnJJMIzDV:BHJaAoHoc2x7bZoYBAcQlwJdM3

Score

10^/10

runningrat persistence rat

Malware Config

Targets

- Target
  
  d8f2a7d4fb066f89ff7806603ea0192a_JaffaCakes118
- Size
  
  68KB
- MD5
  
  d8f2a7d4fb066f89ff7806603ea0192a
- SHA1
  
  f75e9b15ae4c7ab7160cc9e3ae668bcf545af03a
- SHA256
  
  fa8405c6d4f14f21f1e90a918d7fc1dea5fc151c183631751f32146c11198974
- SHA512
  
  6ffaea68d23798bebed122cbc4334c1db1c0cddf3e07beb7a641f1ba91197c2110c7d2f46bb5d57d9db8828230020da71cd7a9df3a6d04514b02fd532cfc2631
- SSDEEP
  
  768:BCB8S+OR7dOahyoHokBtqN74W7bZZmYb9PyzcjRlYlwa6NVdkPnJJMIzDV:BHJaAoHoc2x7bZoYBAcQlwJdM3
Score

10^/10

runningrat persistence rat
- RunningRat
  RunningRat is a remote access trojan first seen in 2018.
  rat runningrat
- RunningRat payload
- Sets DLL path for service in the registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

runningratpersistencerat

behavioral2

runningratpersistencerat