General

  • Target

    71898d432736a7af8cb0ab089cbaff7f7ff49cfaf8211f358f1b8f0a939f90da.jar

  • Size

    95KB

  • Sample

    211115-w875vsbbf2

  • MD5

    6f2f5eec8a155584973cd61856952ac7

  • SHA1

    40e6d330011ccb652a83a4e55cb4387895d79592

  • SHA256

    71898d432736a7af8cb0ab089cbaff7f7ff49cfaf8211f358f1b8f0a939f90da

  • SHA512

    758f997b7173ec3833f2ddbde216ceb454cb51f156dc7ffbe4bcd5f5628f80ac082a38ecbda37edb0daee2aaf5f259a78b49d47f405ed3252e9cef91bf690550

Malware Config

Targets

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks