General

  • Target

    f2d5690c5cdbcb6baf0143914eb5a3ecdb04b34a6ff8cf6bc8ba6272740eafa8

  • Size

    120KB

  • Sample

    220206-y9mawsbghm

  • MD5

    9ed3669177f2d88ad081679381033a03

  • SHA1

    47cd56a35c2870705fee8b8386a9b0cbb5ec956b

  • SHA256

    f2d5690c5cdbcb6baf0143914eb5a3ecdb04b34a6ff8cf6bc8ba6272740eafa8

  • SHA512

    f212864f3c4c8d472f12e0a8f3641b731decf5e70260e74cbf53c94eaf46a73a6fbf52275041b7ac1c28b4b10d556254424c707413e61bb3bba9f11efac0601d

Malware Config

Targets

    • Target

      OVERDUE INVOICE.jar

    • Size

      120KB

    • MD5

      efb8faa9ea3ee9d8a18886f1c5e83877

    • SHA1

      831b19dcb982d7bb34ab62af54656f6e7f98fbfd

    • SHA256

      9f9ad65a34cfbf5ef9ffa975c05b66cc170b696c7f2695d60711c7dd5f5163b2

    • SHA512

      3d5628a4a787a66b5d59f9bc59c5d0f1ad776ef48e9fc21ebdfb2bb9e84f9cd37658e6960b06a657b1cc0ccfd55a7916cf0f167aee871204c6546b3bf92bec4a

    • STRRAT

STRRAT is a Java-based remote access tool that can steal credentials and log keystrokes.

    • suricata: ET MALWARE STRRAT Initial HTTP Activity

    • Checks computer location settings

Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Drops startup file

    • Loads dropped DLL
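The two hash sets above are the report's usable indicators. The following is an added example (not part of the sandbox report) that computes MD5/SHA1/SHA256 of a file in chunks, matches it against the report's hashes, and also cross-checks that the weaker digests agree with the SHA256 hit, so a copied-wrong MD5 in an IOC feed is flagged rather than silently trusted. The `REPORT_IOCS` values are copied from the page; the input bytes used in the demo call are constructed and are not the sample.

```python
import hashlib
from pathlib import Path
from typing import Dict, Optional

# Hashes copied verbatim from the report above, keyed by SHA256.
REPORT_IOCS: Dict[str, Dict[str, str]] = {
    "f2d5690c5cdbcb6baf0143914eb5a3ecdb04b34a6ff8cf6bc8ba6272740eafa8": {
        "name": "submitted sample (220206-y9mawsbghm)",
        "md5": "9ed3669177f2d88ad081679381033a03",
        "sha1": "47cd56a35c2870705fee8b8386a9b0cbb5ec956b",
    },
    "9f9ad65a34cfbf5ef9ffa975c05b66cc170b696c7f2695d60711c7dd5f5163b2": {
        "name": "OVERDUE INVOICE.jar",
        "md5": "efb8faa9ea3ee9d8a18886f1c5e83877",
        "sha1": "831b19dcb982d7bb34ab62af54656f6e7f98fbfd",
    },
}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Return lowercase hex MD5, SHA1 and SHA256 of an in-memory buffer."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def digest_file(path: Path, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a file incrementally so large artifacts are not read into memory."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_report(digests: Dict[str, str],
                 iocs: Dict[str, Dict[str, str]] = REPORT_IOCS) -> Optional[str]:
    """Match on SHA256, then verify MD5/SHA1 agree with the indicator entry.

    Returns the indicator name on a consistent match, None on no match, and
    raises if SHA256 matches but the weaker hashes disagree (bad IOC data).
    """
    entry = iocs.get(digests["sha256"].lower())
    if entry is None:
        return None
    for algo in ("md5", "sha1"):
        if entry[algo].lower() != digests[algo].lower():
            raise ValueError(
                f"SHA256 matched {entry['name']!r} but {algo} differs: "
                f"indicator {entry[algo]} vs file {digests[algo]}")
    return entry["name"]


if __name__ == "__main__":
    # Constructed demo input; the real sample is not embedded here.
    demo = digest_bytes(b"PK\x03\x04 constructed placeholder, not the real jar")
    print("demo sha256:", demo["sha256"])
    print("match:", match_report(demo))  # None: the placeholder is not an IOC
```

Run it as `python ioc_check.py` for the demo, or call `match_report(digest_file(Path("suspect.jar")))` on a quarantined file; a `ValueError` means the indicator entry itself is inconsistent and should be re-verified against the source report before being pushed to blocklists.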

MITRE ATT&CK Enterprise v6

Tasks