Overview

overview

10

Static

static

10

b6e1c130d2...4f.exe

windows7-x64

10

b6e1c130d2...4f.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2b6bdd0a18e76a5df3a867a49f951125.bin

  • Size

    20KB

  • Sample

    240613-bqvrlaserm

  • MD5

    736964fcab2d8e4fc3bfb3ceee193d08

  • SHA1

    5c488fc9f1766b2d7a17f979d3e3091b00b64dc4

  • SHA256

    b3c555d1df6e80ea4826fad4acd96ca543e57276e15864a1d97d02dd913af707

  • SHA512

    2ae72cd703c4f0921ebf328fb4cfe4e347dec1a73945812a39bd3d5c4668ab9f76ef1931dee8728cc479c3b33d1522620ee5d3eb20db51de22ee1ece80245e81

  • SSDEEP

    384:Uz5E5DFPgqpRMWV/fTV6NujKZede75ncNrFBWUQSgAegY+VRs25S6LejyA5r3KVC:UzQFpbFjKZede75nyFBWAgAegY+VJTIL

Score
10/10
runningratpersistencerat

Malware Config

Targets

    • Target

      b6e1c130d2b9f81e9457197727bb12e29093f29bf80408c2351bbad8cf821d4f.exe

    • Size

      48KB

    • MD5

      2b6bdd0a18e76a5df3a867a49f951125

    • SHA1

      f0286405e8c8efb11ad4d30b29f32268ea747c09

    • SHA256

      b6e1c130d2b9f81e9457197727bb12e29093f29bf80408c2351bbad8cf821d4f

    • SHA512

      ef06c218ad5daf8437fda94c991a4ba86e3bdfd7ef55b64d8fdbe4657bb7acf512c42e7158cce17943a3aa437f96d294dae6eeb908d1f8acacdc4ddb25f27915

    • SSDEEP

      768:zynb12Aw5J6HC4kq5Jp9bjAzhyY55J+NStcEeUlyqgZl4p67ahPC:Ub1MsHz3JDwhyWr+N95OTga6Z

    Score
    10/10
    runningratpersistencerat

    • RunningRat

      RunningRat is a remote access trojan first seen in 2018.

      ratrunningrat

    • Sets DLL path for service in the registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Creates a Windows Service

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks