General

  • Target

    SKM_15112021.zip

  • Size

    89KB

  • Sample

    211116-nbh6gaadfn

  • MD5

    8245c617c321b31ae0899ac48eb8fa4d

  • SHA1

    9d4c736fd5661672c6c6e4edbeea243e0ffe658e

  • SHA256

    d1d9ac5fba8c99246ab7f8a94fcad5eecfbab556b370ff55da2a63a2502a8589

  • SHA512

    db3ad825468aa076c55b04d2b1ffdc5d93f6bfeaab503486786e1542d05af39e3f23bc7df9200e0cf06617a69c605b024f9dce19864ddb25717389c800eebb3d

Malware Config

Targets

    • Target

      SKM_15112021.jar

    • Size

      95KB

    • MD5

      6f2f5eec8a155584973cd61856952ac7

    • SHA1

      40e6d330011ccb652a83a4e55cb4387895d79592

    • SHA256

      71898d432736a7af8cb0ab089cbaff7f7ff49cfaf8211f358f1b8f0a939f90da

    • SHA512

      758f997b7173ec3833f2ddbde216ceb454cb51f156dc7ffbe4bcd5f5628f80ac082a38ecbda37edb0daee2aaf5f259a78b49d47f405ed3252e9cef91bf690550

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • suricata: ET MALWARE STRRAT CnC Checkin

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks