General

  • Target

    194291014-215139-sanlccjavap0003-1.jar

  • Size

    161KB

  • Sample

    220222-jmjtxsecc7

  • MD5

    ef9f5b4a6c33c916bc9ef517e5545ed4

  • SHA1

    4d4a56dc34e6938002f6867a96cb2c5143a8ec68

  • SHA256

    7ccc38e2616bfb5aef446213a4cab27cffd99e91ba1e035857344a8d5c9454b3

  • SHA512

    efb74971ad08e37638c3466209b4b4003f392b9cf73b9111ae340ad2756f9bdf447e8cf65c064c3d80c0b167f81b4b57c330c43bd49b9b261b101b80b44d1546

Malware Config

Targets

    • Target

      194291014-215139-sanlccjavap0003-1.jar

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks