General

  • Target

    kpimkh.txt.jar

  • Size

    88KB

  • Sample

    220309-xr9g2aeccp

  • MD5

    2e090879efec8d5b324d221435298911

  • SHA1

    7770065a9e4f30ebbd06b645e70a4be33c22d629

  • SHA256

    ccdecc23d71718bb2b21c9c37ab716c7e43775e236dc474af53f06706a131343

  • SHA512

    47d40ca6f3e9952ed205d06aeef941d1210a219cf7b8714ec7d17fa7a7f38b736b4748e43f1d1e17f5dbb44aee13c8078100f61a61bbef66dac2c93c0ea9e174

Targets

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • suricata: ET MALWARE STRRAT Initial HTTP Activity

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application
