General

  • Target

    4580-4581.jar

  • Size

    102KB

  • Sample

    210420-dhpe7qnd4a

  • MD5

    00d529d67e6d29ad1a3334b03bdfc878

  • SHA1

    3bf92e14dfccad85ee00b280ad1d4619dafa73e5

  • SHA256

    ac8470ddc7bc18657dfa0376fa43e5917a8d1031ff89f507993019e5e1ba1bb6

  • SHA512

    e32e313d3b92fcf6195e9a5f1b9994d654feaf22a6470e23fdb84c06faeb882f0a2629f4fac9b791fb17e2b014ef2154f5981ffba4e24b3d3f709c0ac696507c

Malware Config

Targets

    • Target

      4580-4581.jar

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    T1053 Scheduled Task (1)

  • Persistence

    T1060 Registry Run Keys / Startup Folder (1)
    T1053 Scheduled Task (1)

  • Privilege Escalation

    T1053 Scheduled Task (1)

  • Defense Evasion

    T1112 Modify Registry (1)

Tasks