Overview

overview

9

Static

static

9

SecuriteIn...19.msi

windows7_x64

6

SecuriteIn...19.msi

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Java.Ratty.2.17626.28919

  • Size

    384KB

  • Sample

    200801-kp6xfgrg6e

  • MD5

    65a137d42ab4a2e88af0c517dea6550f

  • SHA1

    d605514c0d1cef5cdbd1c7bde54b23c07a58fd17

  • SHA256

    67905416ed17dc324c87f1d7a9bde197b2f651f2334f2eef554447675b7dd0c0

  • SHA512

    798720589871b0a2cd4b505356ed02e9270707bbdd2aa162216455f6f215f77a2e451e5fd9e59d5aa0ef3d7816743c58536d81a7413d6548e558ad575336c5e8

Score
9/10
discoverypersistence

Malware Config

Targets

    • Target

      SecuriteInfo.com.Java.Ratty.2.17626.28919

    • Size

      384KB

    • MD5

      65a137d42ab4a2e88af0c517dea6550f

    • SHA1

      d605514c0d1cef5cdbd1c7bde54b23c07a58fd17

    • SHA256

      67905416ed17dc324c87f1d7a9bde197b2f651f2334f2eef554447675b7dd0c0

    • SHA512

      798720589871b0a2cd4b505356ed02e9270707bbdd2aa162216455f6f215f77a2e451e5fd9e59d5aa0ef3d7816743c58536d81a7413d6548e558ad575336c5e8

    Score
    8/10
    persistencediscovery

    • Blacklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Enumerates connected drives

    • Modifies service

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

3
T1012

Peripheral Device Discovery

2
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks