General

  • Target

    f1cf2b82b0ec58426d7983e939d0989ad7bd5425993012eab4455c6ad0bbe22b.exe

  • Size

    48KB

  • Sample

    240928-cf2yla1ejj

  • MD5

    e123613672abc38913dcd968faecea29

  • SHA1

    626e7906b9d344c97d74223e31c5953eb7222d74

  • SHA256

    f1cf2b82b0ec58426d7983e939d0989ad7bd5425993012eab4455c6ad0bbe22b

  • SHA512

    19d7d25aa5e38bc330cd43a74346ce7d964cad9d0d4b4f270dea0905bd15b39c48e3cf54cb2a9957c1ccc3df95da82325fdd065299b2fb80dde8d4677d2ced96

  • SSDEEP

    768:zynb12Aw5J6HC4kq5Jp9bjAzhyY55J+NStcEeUlyqgZl4p67FhPC:Ub1MsHz3JDwhyWr+N95OTga6G

Malware Config

Targets

    • Target

      f1cf2b82b0ec58426d7983e939d0989ad7bd5425993012eab4455c6ad0bbe22b.exe

    • Size

      48KB

    • MD5

      e123613672abc38913dcd968faecea29

    • SHA1

      626e7906b9d344c97d74223e31c5953eb7222d74

    • SHA256

      f1cf2b82b0ec58426d7983e939d0989ad7bd5425993012eab4455c6ad0bbe22b

    • SHA512

      19d7d25aa5e38bc330cd43a74346ce7d964cad9d0d4b4f270dea0905bd15b39c48e3cf54cb2a9957c1ccc3df95da82325fdd065299b2fb80dde8d4677d2ced96

    • SSDEEP

      768:zynb12Aw5J6HC4kq5Jp9bjAzhyY55J+NStcEeUlyqgZl4p67FhPC:Ub1MsHz3JDwhyWr+N95OTga6G

    • RunningRat

      RunningRat is a remote access trojan first seen in 2018.

    • Server Software Component: Terminal Services DLL

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Creates a Windows Service

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks