General

  • Target

    085c01465357b7e37a111d2a150da06f2a65ca6c795bc90f8a0d381ae754a3b5

  • Size

    696KB

  • Sample

    220130-h8n54agghr

  • MD5

    c66a7972e1db81d74f8fef4d92a92d9f

  • SHA1

    0650701b4777a3c7da0894f0aa0bb4e446bff2df

  • SHA256

    085c01465357b7e37a111d2a150da06f2a65ca6c795bc90f8a0d381ae754a3b5

  • SHA512

    214eec0fba99016e0179670344c7f8b481785e6d76e35769dd76ad7223b667e2144d68571b5bc3624d590723f07c45b6ecbe82620e7577dfb483065fd5463ab5

Malware Config

Targets

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • suricata: ET MALWARE STRRAT Initial HTTP Activity

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks