Resubmissions

04-11-2024 15:35

241104-s1mmea1pex 10

04-11-2024 15:33

241104-sy682a1pdt 10

General

  • Target

    e408099f5a74318673f44f50ea03611cf503237e3dba5d9fb177f05ae31e60e2

  • Size

    21.3MB

  • Sample

    241104-s1mmea1pex

  • MD5

    2e762da75fc081b5a8825dd5e3c9930f

  • SHA1

    33086972acb9192c63a9601fa4d05639791fb7cf

  • SHA256

    e408099f5a74318673f44f50ea03611cf503237e3dba5d9fb177f05ae31e60e2

  • SHA512

    1c75b8c147f5744de97f4e245e48e7765511bcace71bd2690ed86009e3856226501973dc036d14f1caeff7f7b6cd991ad0759e3cc99cf9884e688aaf2b6b935e

  • SSDEEP

    393216:V9h0cGmL42NlEO8lG+hHgdBH+7l4V9UWgw9ciJa90dj45QqvhJGtz5TnUkMHa4bE:/hLLl+TcM+gw9casJ6ZRJU1Cv3

Malware Config

Targets

    • RuRAT

      RuRAT is a remote admin tool sold as legitimate software but regularly abused in malicious phishing campaigns.

    • RuRAT family

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks