General

  • Target

    IMG-211021.jar

  • Size

    95KB

  • Sample

    211122-xh3ywsgfdp

  • MD5

    d05dfafdbcbb7d7f0624127d859aec48

  • SHA1

    c90f70f2f5818dc08087a6f5d068401e8a681bf4

  • SHA256

    c26d4a889f780b73fef6c02e34856f0cfc9c636dbe45ce8a7bc9131190d25e67

  • SHA512

    80773aa747206899cbfd506890b9725b02236abf6cf0d2693f42d04685aa680617e2140d9569103b55607a8a19c9deb9eadfb0892cb4f9e71a0dd3a2c1af306f

Malware Config

Targets

    • Target

      IMG-211021.jar

    • Size

      95KB

    • MD5

      d05dfafdbcbb7d7f0624127d859aec48

    • SHA1

      c90f70f2f5818dc08087a6f5d068401e8a681bf4

    • SHA256

      c26d4a889f780b73fef6c02e34856f0cfc9c636dbe45ce8a7bc9131190d25e67

    • SHA512

      80773aa747206899cbfd506890b9725b02236abf6cf0d2693f42d04685aa680617e2140d9569103b55607a8a19c9deb9eadfb0892cb4f9e71a0dd3a2c1af306f

    • STRRAT

      STRRAT is a Java-based remote access tool that can steal credentials and log keystrokes.

    • suricata: ET MALWARE STRRAT CnC Checkin

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
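
    Detection logic for the three host behaviours listed above (Run key persistence, Startup-folder drop, external IP lookup), as an added example that is not part of this report and not the sandbox's own signature code. It runs over constructed Sysmon-style events written in a simplified pipe-delimited form; the Run key value name, the user and Java install paths, and the watchlist of IP-lookup hosts are assumptions for illustration, not observations from this sample (the report does not name the lookup service used).

```python
"""Flag Run-key persistence, Startup-folder drops and external-IP lookups
in Sysmon-like events. Added example, not code from the report or the sandbox."""
import re

# Constructed sample events (not from this sandbox run). Simplified format:
#   EventID|Image|TargetObject (registry path, file path or DNS query name)|Details
# EventID 13 = registry value set, 11 = file create, 22 = DNS query (Sysmon numbering).
# Only the file name IMG-211021.jar comes from the report; paths and the value name are assumed.
SAMPLE_EVENTS = [
    "13|C:\\Program Files\\Java\\jre1.8.0_301\\bin\\javaw.exe"
    "|HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\IMG-211021"
    "|\"C:\\Program Files\\Java\\jre1.8.0_301\\bin\\javaw.exe\" -jar C:\\Users\\user\\IMG-211021.jar",
    "11|C:\\Program Files\\Java\\jre1.8.0_301\\bin\\javaw.exe"
    "|C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\IMG-211021.jar|",
    "13|C:\\Windows\\explorer.exe"
    "|HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive"
    "|C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe /background",
    "22|C:\\Program Files\\Java\\jre1.8.0_301\\bin\\javaw.exe|ip-api.com|",
    "22|C:\\Windows\\System32\\svchost.exe|ctldl.windowsupdate.com|",
]

RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)
JAVA_IMAGE_RE = re.compile(r"\\javaw?\.exe$", re.IGNORECASE)
JAR_LAUNCH_RE = re.compile(r"-jar\s+\S+\.jar", re.IGNORECASE)
# Assumed watchlist of common external-IP lookup services; tune to your environment.
IP_LOOKUP_HOSTS = {"ip-api.com", "api.ipify.org", "ipinfo.io", "checkip.amazonaws.com", "icanhazip.com"}


def parse_event(line):
    """Split one pipe-delimited event into its four fields."""
    event_id, image, target, details = line.split("|", 3)
    return {"id": int(event_id), "image": image, "target": target, "details": details}


def classify(ev):
    """Return the rule name this event triggers, or None if it looks benign."""
    java_writer = bool(JAVA_IMAGE_RE.search(ev["image"]))
    if ev["id"] == 13 and RUN_KEY_RE.search(ev["target"]):
        # Every Run key write is "Adds Run key"; narrow to Java-written entries or
        # entries that launch a .jar so ordinary software (the OneDrive entry) is not flagged.
        if java_writer or JAR_LAUNCH_RE.search(ev["details"]):
            return "run_key_jar_persistence"
    if ev["id"] == 11 and STARTUP_DIR_RE.search(ev["target"]):
        # A file dropped into the Startup folder by Java, or any .jar landing there.
        if java_writer or ev["target"].lower().endswith(".jar"):
            return "startup_folder_drop"
    if ev["id"] == 22 and ev["target"].lower() in IP_LOOKUP_HOSTS:
        return "external_ip_lookup"
    return None


def detect(lines):
    """Run classify() over raw event lines; return (rule, image, target) triples."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        rule = classify(ev)
        if rule:
            findings.append((rule, ev["image"], ev["target"]))
    return findings


if __name__ == "__main__":
    for rule, image, target in detect(SAMPLE_EVENTS):
        print(f"{rule:26} {image} -> {target}")
```

    The Run key rule deliberately requires a Java writer or a "-jar" launch string rather than matching every Run key write, since the bare "Adds Run key" behaviour fires on plenty of legitimate installers; the IP-lookup rule is only as good as the host watchlist, so pair it with a DNS baseline for the fleet.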

MITRE ATT&CK Enterprise v6

Tasks