General

  • Target

    usps-shipment.jar

  • Size

    184KB

  • Sample

    220208-tnxghsach6

  • MD5

    cca26d216f42ab72821eaec5c9e8d73f

  • SHA1

    312a38a5b5c88037160b2ebf958d2402778f7309

  • SHA256

    4027bfae22827a706dd8cb64cc61e2f94d0655cec7a4f656cd74f82b5af9f98c

  • SHA512

    8af4d7c8f2c43c206fcfaa4c371e48aa2a450f364afa0e09aa864d6f6048d632c83b9c06d16477df8324d283e86b9eab2bddc2d9fd6ef01f209dd065310d4efd

Malware Config

Targets

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks