Overview

overview

10

Static

static

WinRAR.exe

windows7_x64

10

WinRAR.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    WinRAR.exe

  • Size

    4.0MB

  • Sample

    210120-xk92jf4fys

  • MD5

    c930f328b5b3894feced92d04908b256

  • SHA1

    79eaa3e5457cff7ad64147a4178b0e7aad732101

  • SHA256

    72239d0cba7a80895957b43d854680fb2fefbaa8b1f68b001ce5905c32ddcde1

  • SHA512

    db6d5d81a495874a12b37546541b6a7dce63b43960a5a7a52fa5b3bd87af2067e8aed5daf13c0a6f11f2230b61a369973d18921761a403222054d38ba2fe330f

Score
10/10
strongpitypersistencespywarestealer

Malware Config

Targets

    • Target

      WinRAR.exe

    • Size

      4.0MB

    • MD5

      c930f328b5b3894feced92d04908b256

    • SHA1

      79eaa3e5457cff7ad64147a4178b0e7aad732101

    • SHA256

      72239d0cba7a80895957b43d854680fb2fefbaa8b1f68b001ce5905c32ddcde1

    • SHA512

      db6d5d81a495874a12b37546541b6a7dce63b43960a5a7a52fa5b3bd87af2067e8aed5daf13c0a6f11f2230b61a369973d18921761a403222054d38ba2fe330f

    Score
    10/10
    strongpitypersistencespywarestealer

    • StrongPity

      StrongPity is a spyware developed by PROMETHIUM APT group mainly used in government sponsored attacks.

      stealerspywarestrongpity

    • StrongPity Spyware

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • JavaScript code in executable

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks