General

  • Target

    tmp

  • Size

    21.8MB

  • Sample

    240426-rxraradf68

  • MD5

    04d54700f8274d32b60222bc1497ebf0

  • SHA1

    1150c1a0e45c6ee5c671a5907c8f057ece4bc1e5

  • SHA256

    eb41f9ce5d810092148309af2f932db5b938c57c9c2b8a5a5078e6cb45349b7b

  • SHA512

    879667c69733b6edad159a5882b4f3a4a8f968c030b4a868742e591b61a5ff476b05f910bc3f2d64583f0bf385aaba6df4ee2ddbd91fbef0f9d74e8d05175fe1

  • SSDEEP

    393216:/LfK/LS1/Lgntpvw2D3r4qg8RvPNJrHS7i9CPq7E0YIpUx9gZjpWQma9BKyIo9Xt:zIQy+qRvPn2+CP+EUE9vFo9L5

Score
10/10

Targets

    • RuRAT

      RuRAT is a remote admin tool sold as legitimate software but regularly abused in malicious phishing campaigns.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
