SQLRAT

Description

(Flashpoint) The SQLRat script is designed to make a direct SQL connection to a Microsoft database controlled by the attackers and execute the contents of various tables. The script retrieves an item from the bindata table and writes the file to disk. This file appears to primarily be a version of TinyMet—an open source Meterpreter stager—but the actors have the option to store and execute any binary loaded into the table.

Names

Name
SQLRAT

Type

Backdoor
Loader

Information

https://www.flashpoint-intel.com/blog/fin7-revisited-inside-astra-panel-and-sqlrat-malware/

Mitre Attack

https://attack.mitre.org/software/S0390/

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/js.sqlrat

Other Information

Uuid

15b99961-7edf-4f39-a9eb-b74bfac2557d

Last Card Change

2020-04-23

Threat Intelligence Garden

Explorer

SQLRAT

SQLRAT

Description

Names

Category

Type

Information

Mitre Attack

Malpedia

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks