General

  • Target

    me.exe

  • Size

    68KB

  • Sample

    240429-pa7m4sae2x

  • MD5

    56ebc5ff9dece63f071cb0632a7cf43b

  • SHA1

    50373327e5aee1719f7d7ba1387a2ac67abc7111

  • SHA256

    bbe31a4ecad08a0cd9d895fcb01f6d2353d6e3a69a76c6d25ca0365eac810884

  • SHA512

    d73b5399baf7ad66b00eea5c601a8aeb1d3900a9b345ede09796eb732be556e5b79a7dbd587fa7939e4986828a6846c782f9908dda528d0bc1d9d9fb6e0d5d39

  • SSDEEP

    768:BCB8S+OR7dOahyoHokBtqN74W7bZZmYb9PyzcjRlYlwa6NVdkPnJJMI5V:BHJaAoHoc2x7bZoYBAcQlwJdMJ

Malware Config

Targets

    • Target

      me.exe

    • Size

      68KB

    • MD5

      56ebc5ff9dece63f071cb0632a7cf43b

    • SHA1

      50373327e5aee1719f7d7ba1387a2ac67abc7111

    • SHA256

      bbe31a4ecad08a0cd9d895fcb01f6d2353d6e3a69a76c6d25ca0365eac810884

    • SHA512

      d73b5399baf7ad66b00eea5c601a8aeb1d3900a9b345ede09796eb732be556e5b79a7dbd587fa7939e4986828a6846c782f9908dda528d0bc1d9d9fb6e0d5d39

    • SSDEEP

      768:BCB8S+OR7dOahyoHokBtqN74W7bZZmYb9PyzcjRlYlwa6NVdkPnJJMI5V:BHJaAoHoc2x7bZoYBAcQlwJdMJ

    • RunningRat

      RunningRat is a remote access trojan first seen in 2018.

    • RunningRat payload

    • Sets DLL path for service in the registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks