General

  • Target

    1a2c468a861da91c1e74a0420cc12c29_JaffaCakes118

  • Size

    431KB

  • Sample

    240506-b4x4wafh95

  • MD5

    1a2c468a861da91c1e74a0420cc12c29

  • SHA1

    050891c9f4bd589f2f7cdfc36cb6408b7ca46103

  • SHA256

    8db3e15cce407bde5be7b116fccea52ad85670f767d11b4df24b3ce33af8d2aa

  • SHA512

    cecf7e96083ddff5ab366a7efd087590af5f3def15221842f78e92384da7f2a30212e421b8d208b6143db79ad75e6416c91d2a91fd272ab91e53489dab3b2b97

  • SSDEEP

    12288:mNfeU1xUcIz1BAkrSerqrw+v3sXH9a+PMt8yX1FHK:k1xUc2Aqec+0XdN0t8yXTK

Targets

    • Ratty

      Ratty is an open source Java Remote Access Tool.

    • Ratty Rat payload

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Modifies file permissions

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • T1547 Boot or Logon Autostart Execution (1)
  • T1547.001 Registry Run Keys / Startup Folder (1)

Privilege Escalation

  • T1547 Boot or Logon Autostart Execution (1)
  • T1547.001 Registry Run Keys / Startup Folder (1)

Defense Evasion

  • T1222 File and Directory Permissions Modification (1)
  • T1112 Modify Registry (2)
  • T1564 Hide Artifacts (1)
  • T1564.001 Hidden Files and Directories (1)

Discovery

  • T1012 Query Registry (1)
  • T1082 System Information Discovery (2)
