General

  • Target

    Payment slip.jar

  • Size

    184KB

  • Sample

    211025-gyrmssgfap

  • MD5

    8829ede47aa2e3f8aece3e8ffcc2ba1a

  • SHA1

    a0fa240b8db1c3ddb42066ac0ddbb8513d005665

  • SHA256

    91799667148b7be1b1d9aa749e5e63da8b529250478c90fee291336551c1544f

  • SHA512

    657290510a7472638de1adfa19d9fe5c00bd26ac8903398d44c0f32248094a5c365c17c0c28078be0c1a986cefe06256f0b47c1f69b50ba6a39fca31a2ad8a50

Malware Config

Targets

    • Target

      Payment slip.jar

    • Size

      184KB

    • MD5

      8829ede47aa2e3f8aece3e8ffcc2ba1a

    • SHA1

      a0fa240b8db1c3ddb42066ac0ddbb8513d005665

    • SHA256

      91799667148b7be1b1d9aa749e5e63da8b529250478c90fee291336551c1544f

    • SHA512

      657290510a7472638de1adfa19d9fe5c00bd26ac8903398d44c0f32248094a5c365c17c0c28078be0c1a986cefe06256f0b47c1f69b50ba6a39fca31a2ad8a50

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • suricata: ET MALWARE STRRAT CnC Checkin

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks