General

  • Target

    NITAS POV211201.jar

  • Size

    178KB

  • Sample

    220218-m2vrhscde6

  • MD5

    b8587dbc41ad8be0032137b2611740ec

  • SHA1

    20f4e5f5e6099709f80a1c2bdd0b454e5a3e506c

  • SHA256

    2743fa7e35da259564a4f879b20487577921a3e669d6deb3fa5cca3193f73952

  • SHA512

    e5f56cff33ec9cbabaa3bcbe7f6111eef138e80cee57dc386009813685cb62bab370023a1d2cf6cab834f2b0d81ae6f8078316d8e01db7676e63199201876393

Targets

    • Target

      NITAS POV211201.jar

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
