General

  • Target

    transferencia.jar

  • Size

    178KB

  • Sample

    220218-hjmkzabha3

  • MD5

    1488c8ef04511dd6f0851cbc965837bb

  • SHA1

    0a227b194fb3b9c2d09540181563a6d798508d99

  • SHA256

    38a74520d86f5dd21bf5c447c92a9e5c0c3f69db84b1666e33d5d86784bead3a

  • SHA512

    14c89228a9c40338c2cea0ccd5c7c156b7631fc1ae406c9e540e04dbc45d816b6765123f7f9820dc2632d6f255305343ee5022a6d5751b05280dae9365855162

Targets

    • Target

      transferencia.jar

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
