General

  • Target

    Overdue invoice-960494.jar

  • Size

    99KB

  • Sample

    210607-kbd2pp8zrn

  • MD5

    057ee447c12c0c2f3ce7c51f9579dbce

  • SHA1

    a24554b8a24786895a2e1d76f42751f46b5fbef9

  • SHA256

    71ed2714927d82bc3660dc53b132a843a65fa1f68e0d892ce7c40905772d8dcb

  • SHA512

    27d602531da88b9be73bba28afdbaa246e17ee0f218fa340cc8ac356afd17d973953b91dfc2d8085e19f02dd339bba39a3e0885ff30370b6150999e80ac593ce

Malware Config

Targets

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (T1053): 1

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

    Scheduled Task (T1053): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Remote System Discovery (T1018): 1

Tasks