Overview

overview

10

Static

static

10

177f14ed35...18.exe

windows7-x64

10

177f14ed35...18.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    177f14ed35b25dcf4ffbcd1f021fb676_JaffaCakes118

  • Size

    48KB

  • Sample

    240505-nq9a7scb42

  • MD5

    177f14ed35b25dcf4ffbcd1f021fb676

  • SHA1

    ae362ea9477cdf633ee9b76b876be73c1e2a389c

  • SHA256

    8100783372daa78409859d33e26e64dd2a34fb7f945426b83b25f06e3c09a625

  • SHA512

    7ba8acf7c05f0dfb5c466a976343829d82560209f892a0b743b941eba5ca22aa022920b577d485f98047ed234ae991b6c3a7deca36b2cfcad4764dd9c7431111

  • SSDEEP

    768:Xynb12Aw5J6HC4kq5Jp9bjAzhyY55J+NStcEeUlyqgZl4p67GhPA2:Ib1MsHz3JDwhyWr+N95OTga6r2

Score
10/10
runningratpersistencerat

Malware Config

Targets

    • Target

      177f14ed35b25dcf4ffbcd1f021fb676_JaffaCakes118

    • Size

      48KB

    • MD5

      177f14ed35b25dcf4ffbcd1f021fb676

    • SHA1

      ae362ea9477cdf633ee9b76b876be73c1e2a389c

    • SHA256

      8100783372daa78409859d33e26e64dd2a34fb7f945426b83b25f06e3c09a625

    • SHA512

      7ba8acf7c05f0dfb5c466a976343829d82560209f892a0b743b941eba5ca22aa022920b577d485f98047ed234ae991b6c3a7deca36b2cfcad4764dd9c7431111

    • SSDEEP

      768:Xynb12Aw5J6HC4kq5Jp9bjAzhyY55J+NStcEeUlyqgZl4p67GhPA2:Ib1MsHz3JDwhyWr+N95OTga6r2

    Score
    10/10
    runningratpersistencerat

    • RunningRat

      RunningRat is a remote access trojan first seen in 2018.

      ratrunningrat

    • Sets DLL path for service in the registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Creates a Windows Service

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks