runningrat | b10884a495070c2f9ee183bbbb6d1b8f7351fc75d094f4bb212c38c859a6e867 | Triage

Submit
Reports

Overview

overview

Static

static

me.exe

windows7-x64

me.exe

windows10-2004-x64

Sharing

General

Target

me.exe
Size

68KB
Sample

241101-gh1wjawkev
MD5

04485ee0f0313f990255aa4a06546abb
SHA1

fa87b9a7b914c11fb75b775e391a3ad46d4eb432
SHA256

b10884a495070c2f9ee183bbbb6d1b8f7351fc75d094f4bb212c38c859a6e867
SHA512

d95011d0bbae4c63ab0acf26568d0759990f26ed87dbc60ed01fdb840477519adb931feff6a6029c0b32d4ba4623ef2951ca260fcfabc609b364f51f775f024b
SSDEEP

768:BCB8S+OR7dOahyoHokBtqN74W7bZZmYb9PyzcjRlYlwa6NVdkPnJJMI4V:BHJaAoHoc2x7bZoYBAcQlwJdME

Score

10^/10

runningrat discovery persistence rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

me.exe

Resource

win7-20240903-en

runningrat discovery rat

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

me.exe

Resource

win10v2004-20241007-en

runningrat discovery persistence rat

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

runningrat

Targets

- Target
  
  me.exe
- Size
  
  68KB
- MD5
  
  04485ee0f0313f990255aa4a06546abb
- SHA1
  
  fa87b9a7b914c11fb75b775e391a3ad46d4eb432
- SHA256
  
  b10884a495070c2f9ee183bbbb6d1b8f7351fc75d094f4bb212c38c859a6e867
- SHA512
  
  d95011d0bbae4c63ab0acf26568d0759990f26ed87dbc60ed01fdb840477519adb931feff6a6029c0b32d4ba4623ef2951ca260fcfabc609b364f51f775f024b
- SSDEEP
  
  768:BCB8S+OR7dOahyoHokBtqN74W7bZZmYb9PyzcjRlYlwa6NVdkPnJJMI4V:BHJaAoHoc2x7bZoYBAcQlwJdME
Score

10^/10

runningrat discovery rat persistence
- RunningRat
  RunningRat is a remote access trojan first seen in 2018.
  rat runningrat
- RunningRat payload
- Runningrat family
  runningrat
- Server Software Component: Terminal Services DLL
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

runningratdiscoveryrat

behavioral2

runningratdiscoverypersistencerat

© 2018-2024

Terms | Privacy