General

  • Target

    2e16a2bc7674b473da78276b7f7617aa77552d87880df0b5e4017efda60cd279

  • Size

    28KB

  • Sample

    240901-p1w93a1clj

  • MD5

    bff837eee834869987e424efd6749f6e

  • SHA1

    cb8a803fb58c0b426524f6fc434d7e12531a0d14

  • SHA256

    2e16a2bc7674b473da78276b7f7617aa77552d87880df0b5e4017efda60cd279

  • SHA512

    c580bdc217a83dc9081ac0b49564f5ef722d99ef20c80f5333d3855c4d027e4b2ee29f079c1b8f5bda9ef07cb30c657b42b70d057e3ffe6f20c16718c5d197c4

  • SSDEEP

    768:iGl6hvnAAUfGKKDI/rQNb6tvTrhXAKemaNJUZz54REmC4hfEAqcLi:LOAAkYDIswTNeDNJCziRHC4hgcLi

Malware Config

Targets

    • Target

      fa8405c6d4f14f21f1e90a918d7fc1dea5fc151c183631751f32146c11198974

    • Size

      68KB

    • MD5

      d8f2a7d4fb066f89ff7806603ea0192a

    • SHA1

      f75e9b15ae4c7ab7160cc9e3ae668bcf545af03a

    • SHA256

      fa8405c6d4f14f21f1e90a918d7fc1dea5fc151c183631751f32146c11198974

    • SHA512

      6ffaea68d23798bebed122cbc4334c1db1c0cddf3e07beb7a641f1ba91197c2110c7d2f46bb5d57d9db8828230020da71cd7a9df3a6d04514b02fd532cfc2631

    • SSDEEP

      768:BCB8S+OR7dOahyoHokBtqN74W7bZZmYb9PyzcjRlYlwa6NVdkPnJJMIzDV:BHJaAoHoc2x7bZoYBAcQlwJdM3

    • RunningRat

      RunningRat is a remote access trojan first seen in 2018.

    • RunningRat payload

    • Server Software Component: Terminal Services DLL

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks