General

  • Target

    ff728a4141cecb93d82669ba064cf252bd1a5ac60f69f23e25101d5338b79d7b

  • Size

    83KB

  • Sample

    220206-yq1deabfgn

  • MD5

    1b32fa7a373939320eb66bb9e665c767

  • SHA1

    a2e6509a9726130e904c326c3c2d67203167920e

  • SHA256

    ff728a4141cecb93d82669ba064cf252bd1a5ac60f69f23e25101d5338b79d7b

  • SHA512

    f9da7d594a0739405a804c3404a870c6fe7586d32871ccfd8f39aaa63f8c66d142dcc5e7e6b11d3f7fe04fbf823fcdd8d90d0ee6a1497bce222da5da54bb296f

Malware Config

Targets

    • Target

      PO 012324567 pdf.jar

    • Size

      88KB

    • MD5

      261816b5c460c563c6d38a4804d3a3b1

    • SHA1

      9ac5648ef17c548cf4bbd6a4eb8ee1024db2d33d

    • SHA256

      b756109104742cbdab8dfc98fb41d5bb364b078686004f694d5c6762e0449012

    • SHA512

      fd4b3f56b34fa017c799a5bc2d1ea84d1a1da4ae0e8fceeb08dc857b49d5c45f33f8bd065fa80367d94ecb73242b0f5261040883e48f96b642e749175b945e80

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • suricata: ET MALWARE STRRAT Initial HTTP Activity

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks