runningrat | ca354f62593392f73b308327968dd673d39a4c4c694456f203720e8db0a877f5 | Triage

Submit
Reports

Overview

overview

Static

static

3

ffb53d4baa...18.exe

windows7-x64

ffb53d4baa...18.exe

windows10-2004-x64

Sharing

General

Target

ffb53d4baa4fe8f029a12ea4cbe9ff5c_JaffaCakes118
Size

854KB
Sample

240930-b7szbswanf
MD5

ffb53d4baa4fe8f029a12ea4cbe9ff5c
SHA1

6d0c95f3ec69a262ccd5b91c1ca399059d846427
SHA256

ca354f62593392f73b308327968dd673d39a4c4c694456f203720e8db0a877f5
SHA512

e0b6a06124c48c775ade65cf3480921fbcc10d4fda48dcc714fba1bce2e28c88ae2eabb62f31670763797af4248c9d68c640f23922a1ca90bff4ba115326dc96
SSDEEP

24576:5vCotMeauERKuzDGpTWm6AXOkyvifxSClcoa+Sgnf:HnasumqnGOnvcxSClha+fnf

Score

10^/10

runningrat discovery rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ffb53d4baa4fe8f029a12ea4cbe9ff5c_JaffaCakes118.exe

Resource

win7-20240729-en

runningrat discovery rat

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

ffb53d4baa4fe8f029a12ea4cbe9ff5c_JaffaCakes118.exe

Resource

win10v2004-20240802-en

runningrat discovery rat

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  ffb53d4baa4fe8f029a12ea4cbe9ff5c_JaffaCakes118
- Size
  
  854KB
- MD5
  
  ffb53d4baa4fe8f029a12ea4cbe9ff5c
- SHA1
  
  6d0c95f3ec69a262ccd5b91c1ca399059d846427
- SHA256
  
  ca354f62593392f73b308327968dd673d39a4c4c694456f203720e8db0a877f5
- SHA512
  
  e0b6a06124c48c775ade65cf3480921fbcc10d4fda48dcc714fba1bce2e28c88ae2eabb62f31670763797af4248c9d68c640f23922a1ca90bff4ba115326dc96
- SSDEEP
  
  24576:5vCotMeauERKuzDGpTWm6AXOkyvifxSClcoa+Sgnf:HnasumqnGOnvcxSClha+fnf
Score

10^/10

runningrat discovery rat
- RunningRat
  RunningRat is a remote access trojan first seen in 2018.
  rat runningrat
- RunningRat payload
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

runningratdiscoveryrat

behavioral2

runningratdiscoveryrat

© 2018-2024

Terms | Privacy