Overview

overview

10

Static

static

10

RATTTT.exe

windows11-21h2-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RATTTT.exe

  • Size

    7.6MB

  • Sample

    250201-gegngssmdz

  • MD5

    ebeaa340065ab95d55290cf3493fffe3

  • SHA1

    e8abeba9246adccd08d51802e91bcc8310fd95f8

  • SHA256

    e1393d279b6d5713326394ed56cd154954afecdd20ecc6b8991ee5d388365ba9

  • SHA512

    b4f1d321e5548bfe5f001da838d578da76f1a00163f6b4c3d3c1cc07ab221710a96295bdb8eb4a3099bfebf496c08f117d2aa585dad86eea077c99246f0a2e2c

  • SSDEEP

    196608:ODD+kdiwfI9jUCBB7m+mKOY7rXrZusooDmhfvsbnTNWC:85HIHL7HmBYXrYoaUNp

Score
10/10
blankgrabbercollectiondefense_evasiondiscoveryexecutionspywarestealerupx

Malware Config

Targets

    • Target

      RATTTT.exe

    • Size

      7.6MB

    • MD5

      ebeaa340065ab95d55290cf3493fffe3

    • SHA1

      e8abeba9246adccd08d51802e91bcc8310fd95f8

    • SHA256

      e1393d279b6d5713326394ed56cd154954afecdd20ecc6b8991ee5d388365ba9

    • SHA512

      b4f1d321e5548bfe5f001da838d578da76f1a00163f6b4c3d3c1cc07ab221710a96295bdb8eb4a3099bfebf496c08f117d2aa585dad86eea077c99246f0a2e2c

    • SSDEEP

      196608:ODD+kdiwfI9jUCBB7m+mKOY7rXrZusooDmhfvsbnTNWC:85HIHL7HmBYXrYoaUNp

    Score
    8/10
    collectiondefense_evasiondiscoveryexecutionspywarestealerupx

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

      collection

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

      defense_evasion

    • Enumerates processes with tasklist

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks