General

  • Target

    009876554332.jar

  • Size

    91KB

  • Sample

    211123-te3xyaafal

  • MD5

    546d61d1b55ea6e8bea9a97dc0ad72df

  • SHA1

    069b5b553be4162be3f7cb7af453498f35b7c655

  • SHA256

    47f93726c4bd0ead6287c0c9b86ae41809ded39837e7d3e2f6b108ea7bd28fe0

  • SHA512

    d91c51954770c81db64c8fae42b841faa0ead86e1b5a4f6b3a5de390d795d569b1d8d1eecc51c2a0f356e91c8286441bde08b1178080ef8f99e22ba20cb7642e

Malware Config

Targets

    • Target

      009876554332.jar

    • Size

      91KB

    • MD5

      546d61d1b55ea6e8bea9a97dc0ad72df

    • SHA1

      069b5b553be4162be3f7cb7af453498f35b7c655

    • SHA256

      47f93726c4bd0ead6287c0c9b86ae41809ded39837e7d3e2f6b108ea7bd28fe0

    • SHA512

      d91c51954770c81db64c8fae42b841faa0ead86e1b5a4f6b3a5de390d795d569b1d8d1eecc51c2a0f356e91c8286441bde08b1178080ef8f99e22ba20cb7642e

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • suricata: ET MALWARE STRRAT CnC Checkin

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
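
An analyst working from this report normally wants two checks: confirm that the file in hand is the sample described here, and hunt for the two behaviours the signatures above call out on other hosts. The script below is an added example, not part of the sandbox report or of any STRRAT tooling. The hashes are copied from the report; every path, registry value name, process image, log event and the list of IP-lookup services are assumptions constructed for illustration (the report does not say which lookup service the sample contacted). Events are shaped like Sysmon Event ID 13 (registry value set) and Event ID 22 (DNS query) fields.

```python
"""Added example (not part of the sandbox report): turn the report's indicators
into checks an analyst can run. Hashes come from the report; every path, registry
value name, process and log event below is constructed for illustration."""
import hashlib
import re

# Hashes as listed in the report for 009876554332.jar (sample 211123-te3xyaafal).
REPORT_HASHES = {
    "md5": "546d61d1b55ea6e8bea9a97dc0ad72df",
    "sha1": "069b5b553be4162be3f7cb7af453498f35b7c655",
    "sha256": "47f93726c4bd0ead6287c0c9b86ae41809ded39837e7d3e2f6b108ea7bd28fe0",
    "sha512": "d91c51954770c81db64c8fae42b841faa0ead86e1b5a4f6b3a5de390d795d569"
              "b1d8d1eecc51c2a0f356e91c8286441bde08b1178080ef8f99e22ba20cb7642e",
}


def hash_bytes(data: bytes) -> dict:
    """All four digests the report lists, as lower-case hex."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Per-algorithm comparison. A dict rather than one bool keeps a partial
    match (e.g. an MD5-only IOC feed) visible instead of collapsing it."""
    actual = hash_bytes(data)
    return {alg: actual[alg] == expected[alg].lower() for alg in expected}


# --- Signature "Adds Run key to start application" ---------------------------
# Registry Run keys: ATT&CK T1547.001 (T1060 in the v6 matrix the report cites).
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
JAVA_IMAGE_RE = re.compile(r"\\javaw?\.exe$", re.IGNORECASE)
JAR_RE = re.compile(r"\.jar\b", re.IGNORECASE)


def run_key_alerts(events: list) -> list:
    """Flag Run/RunOnce values written by a Java process or pointing at a .jar."""
    alerts = []
    for ev in events:
        if ev.get("EventType") != "SetValue":
            continue
        if not RUN_KEY_RE.search(ev.get("TargetObject", "")):
            continue
        image, details = ev.get("Image", ""), ev.get("Details", "")
        if JAVA_IMAGE_RE.search(image) or JAR_RE.search(details):
            alerts.append({"rule": "java_run_key_persistence",
                           "key": ev["TargetObject"], "image": image, "value": details})
    return alerts


# --- Signature "Looks up external IP address via web service" ----------------
# Assumed list of well-known lookup services; the report does not name the one
# this sample used, so extend it from your own telemetry.
IP_LOOKUP_DOMAINS = {"api.ipify.org", "checkip.amazonaws.com", "icanhazip.com",
                     "ip-api.com", "ifconfig.me", "ipinfo.io"}


def ip_lookup_alerts(events: list) -> list:
    """Flag a Java process resolving an external-IP lookup service."""
    return [{"rule": "java_external_ip_lookup", "image": ev.get("Image", ""),
             "query": ev["QueryName"]}
            for ev in events
            if ev.get("QueryName", "").lower() in IP_LOOKUP_DOMAINS
            and JAVA_IMAGE_RE.search(ev.get("Image", ""))]


# Constructed events: one Java Run-key write, one benign write, one delete.
SAMPLE_REGISTRY_EVENTS = [
    {"EventType": "SetValue",
     "Image": r"C:\Program Files\Java\jre1.8.0_311\bin\javaw.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Update",
     "Details": r'"C:\Program Files\Java\jre1.8.0_311\bin\javaw.exe" -jar "C:\Users\victim\AppData\Roaming\009876554332.jar"'},
    {"EventType": "SetValue",
     "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r"C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"},
    {"EventType": "DeleteValue",
     "Image": r"C:\Program Files\Java\jre1.8.0_311\bin\javaw.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Update"},
]
SAMPLE_DNS_EVENTS = [
    {"Image": r"C:\Program Files\Java\jre1.8.0_311\bin\javaw.exe", "QueryName": "api.ipify.org"},
    {"Image": r"C:\Program Files\Mozilla Firefox\firefox.exe", "QueryName": "ipinfo.io"},
    {"Image": r"C:\Program Files\Java\jre1.8.0_311\bin\javaw.exe", "QueryName": "repo1.maven.org"},
]

if __name__ == "__main__":
    # Constructed bytes, not the real sample, so every algorithm should report False.
    print(matches_report(b"not the sample"))
    for alert in run_key_alerts(SAMPLE_REGISTRY_EVENTS) + ip_lookup_alerts(SAMPLE_DNS_EVENTS):
        print(alert)
```

Run it against the real file by replacing the constructed bytes with the file contents; a match on SHA256 and SHA512 is the one to trust, since an MD5-only match is not proof of identity. The hunting functions deliberately key on the Java runtime image rather than on the file name, because a re-packed copy of the dropper will carry a different name and hash but still needs javaw.exe to run.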

MITRE ATT&CK Enterprise v6

Tasks