Resubmissions

17/02/2022, 16:54

220217-ve2wbacbe8 10

17/02/2022, 11:02

220217-m46xkabah6 4

General

  • Target

    NITAS POV211206 .jar

  • Size

    178KB

  • Sample

    220217-ve2wbacbe8

  • MD5

    d7b4fc94bbe1b674b45290f6f9cb57ad

  • SHA1

    d39000d117ecdf137ddd6e37684398f6e35d0bf3

  • SHA256

    de0320c054a777a1870ba945082e9afa76b09adc20f6214e2ed3a5de818f9ac3

  • SHA512

    824a1b4348d7d32b9520aed0e87bec823f052493d68089f09cabc05fee77e0dd72de8b70e7bc60c600885ea8e81792b348d01e1c77c3830742308d50acd62947

Malware Config

Targets

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks