General

  • Target

    Trackingdetails202106168387485.jar

  • Size

    104KB

  • Sample

    210617-ygbv642l62

  • MD5

    f5eb2c7cc03ce24684e109a788c5dd35

  • SHA1

    2350fbf33f8573794e93a9cac817873ec9a96380

  • SHA256

    a67536de00bd211113842ecfd66c8d5eb2a068cf1eea73220577436b12d7c174

  • SHA512

    3fe600b09b66c7cbbd5d27899cdc466a5a847889cc774e8cec0ba4cc8110d5f38ffd94ab8cbbe7f9907cf3d2b47286db086ec65ffcff42ffc788083fd8867f72

Malware Config

Targets

    • Target

      Trackingdetails202106168387485.jar

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                 Technique                               Count  ID
  Execution              Scheduled Task                          1      T1053
  Persistence            Registry Run Keys / Startup Folder      1      T1060
  Persistence            Scheduled Task                          1      T1053
  Privilege Escalation   Scheduled Task                          1      T1053
  Defense Evasion        Modify Registry                         1      T1112

Tasks