General

  • Target

    92192af947017c20ad861faf4459fb705e63f7083b34c77c1727891b88091573

  • Size

    20.0MB

  • Sample

    241102-whze2atqdj

  • MD5

    075d6c122274cb9226521d3cd298f2f2

  • SHA1

    6f54d70f39fa28596ef90bfcb0c14278b016db1b

  • SHA256

    92192af947017c20ad861faf4459fb705e63f7083b34c77c1727891b88091573

  • SHA512

    c89f25e451ae095635bee4df25cbf7bb8431d87017ae65898471b346ee3b2a8694b5a45aa00e4dc54881905643c62843216d402e10faadd195e10922a29573be

  • SSDEEP

    393216:9Vz6+gdQzi/Ew1x1vXYQBEPDdasNaAzEFuEaP3CxMk50pRZfQCy0lifWA5J8EOx:LHSvI+EPDdXNaHaP4Mk50hfh/ieA5nOx

Malware Config

Targets

    • RuRAT

      RuRAT is a remote admin tool sold as legitimate software but regularly abused in malicious phishing campaigns.

    • Rurat family

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15