runningrat | 2e16a2bc7674b473da78276b7f7617aa77552d87880df0b5e4017efda60cd279 | Triage

Submit
Reports

Overview

overview

Static

static

fa8405c6d4...74.exe

windows7-x64

fa8405c6d4...74.exe

windows10-2004-x64

Sharing

General

Target

d8f2a7d4fb066f89ff7806603ea0192a.zip
Size

28KB
Sample

240901-la5xqsxdlb
MD5

bff837eee834869987e424efd6749f6e
SHA1

cb8a803fb58c0b426524f6fc434d7e12531a0d14
SHA256

2e16a2bc7674b473da78276b7f7617aa77552d87880df0b5e4017efda60cd279
SHA512

c580bdc217a83dc9081ac0b49564f5ef722d99ef20c80f5333d3855c4d027e4b2ee29f079c1b8f5bda9ef07cb30c657b42b70d057e3ffe6f20c16718c5d197c4
SSDEEP

768:iGl6hvnAAUfGKKDI/rQNb6tvTrhXAKemaNJUZz54REmC4hfEAqcLi:LOAAkYDIswTNeDNJCziRHC4hgcLi

Score

10^/10

runningrat discovery persistence rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

fa8405c6d4f14f21f1e90a918d7fc1dea5fc151c183631751f32146c11198974.exe

Resource

win7-20240708-en

runningrat discovery persistence rat

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

fa8405c6d4f14f21f1e90a918d7fc1dea5fc151c183631751f32146c11198974.exe

Resource

win10v2004-20240802-en

runningrat discovery persistence rat

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  fa8405c6d4f14f21f1e90a918d7fc1dea5fc151c183631751f32146c11198974
- Size
  
  68KB
- MD5
  
  d8f2a7d4fb066f89ff7806603ea0192a
- SHA1
  
  f75e9b15ae4c7ab7160cc9e3ae668bcf545af03a
- SHA256
  
  fa8405c6d4f14f21f1e90a918d7fc1dea5fc151c183631751f32146c11198974
- SHA512
  
  6ffaea68d23798bebed122cbc4334c1db1c0cddf3e07beb7a641f1ba91197c2110c7d2f46bb5d57d9db8828230020da71cd7a9df3a6d04514b02fd532cfc2631
- SSDEEP
  
  768:BCB8S+OR7dOahyoHokBtqN74W7bZZmYb9PyzcjRlYlwa6NVdkPnJJMIzDV:BHJaAoHoc2x7bZoYBAcQlwJdM3
Score

10^/10

runningrat discovery persistence rat
- RunningRat
  RunningRat is a remote access trojan first seen in 2018.
  rat runningrat
- RunningRat payload
- Server Software Component: Terminal Services DLL
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

runningratdiscoverypersistencerat

behavioral2

runningratdiscoverypersistencerat

© 2018-2024

Terms | Privacy