Overview

overview

10

Static

static

02_extracted.jar

windows7_x64

10

02_extracted.jar

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    02_extracted.jar

  • Size

    83KB

  • Sample

    201104-sw3mtjzhb2

  • MD5

    9250c46915d7fc36a5605a3756447dec

  • SHA1

    b33288cc02bf24008488b14e648943a214265067

  • SHA256

    43e480eaff9c6da18d3c042231ed82f0a09a7adb3301311c159941e75a105a2c

  • SHA512

    093e64939119d1d742428379ec05460a00c6b4d96c4e8fcb425bcd752cacfd18a394fe7d04671fd9f131beb89a41e9e0517d1238430820e5347e271a1090dc05

Score
10/10
strratpersistencestealertrojan

Malware Config

Targets

    • Target

      02_extracted.jar

    • Size

      83KB

    • MD5

      9250c46915d7fc36a5605a3756447dec

    • SHA1

      b33288cc02bf24008488b14e648943a214265067

    • SHA256

      43e480eaff9c6da18d3c042231ed82f0a09a7adb3301311c159941e75a105a2c

    • SHA512

      093e64939119d1d742428379ec05460a00c6b4d96c4e8fcb425bcd752cacfd18a394fe7d04671fd9f131beb89a41e9e0517d1238430820e5347e271a1090dc05

    Score
    10/10
    strratpersistencestealertrojan

    • STRRAT

      STRRAT is a remote access tool than can steal credentials and log keystrokes.

      trojanstealerstrrat

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks