General

  • Target

    Payment Advice Note from 05242021.jar

  • Size

    116KB

  • Sample

    210524-tcx9cs8e7s

  • MD5

    74143635e4ccd866da6da37710e828c0

  • SHA1

    ea4892ef439b805ce0c8dc477cbb324b66a74d57

  • SHA256

    fcc120cbbbf66a71a9c0e82d20ecfc6c5721b8ccb806755126c321545fd98d38

  • SHA512

    994fd142fda9cc83f15368c6a8793b94099b8ba186f6bd1a5365dbfe6f5308ded20cd2d32eb8bdec3dbdb00d600d67c90512381fb99f2a69b1db4fa3043875d0

Malware Config

Targets

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

Execution

    • Scheduled Task (T1053): 1

Persistence

    • Registry Run Keys / Startup Folder (T1060): 1

    • Scheduled Task (T1053): 1

Privilege Escalation

    • Scheduled Task (T1053): 1

Defense Evasion

    • Modify Registry (T1112): 1

Discovery

    • System Information Discovery (T1082): 1

Tasks