Overview

overview

10

Static

static

Purchase LOI.jar

windows7_x64

3

Purchase LOI.jar

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Purchase LOI.jar

  • Size

    168KB

  • Sample

    210705-rg1pwr6tq6

  • MD5

    3851a4834bf578596d81688b49476834

  • SHA1

    4c130bca45c0791d387ff6a02455e76f050b254b

  • SHA256

    bf8ee3c8ac5e570987fb535ee8c47c19ccbf400193610fa34cb31ddd48a81cd0

  • SHA512

    bba38ca9c0453435dba3ea45f506fd18e05a2107f778bad8d8ffdd5977493dc172f4c6d1ed2ddb67fa803374a34bf5eed5c041992f1d2758b0f59d4994b3a96f

Score
10/10
strratpersistencestealertrojan

Malware Config

Targets

    • Target

      Purchase LOI.jar

    • Size

      168KB

    • MD5

      3851a4834bf578596d81688b49476834

    • SHA1

      4c130bca45c0791d387ff6a02455e76f050b254b

    • SHA256

      bf8ee3c8ac5e570987fb535ee8c47c19ccbf400193610fa34cb31ddd48a81cd0

    • SHA512

      bba38ca9c0453435dba3ea45f506fd18e05a2107f778bad8d8ffdd5977493dc172f4c6d1ed2ddb67fa803374a34bf5eed5c041992f1d2758b0f59d4994b3a96f

    Score
    10/10
    strratpersistencestealertrojan

    • STRRAT

      STRRAT is a remote access tool than can steal credentials and log keystrokes.

      trojanstealerstrrat

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks