Overview

overview

10

Static

static

1

PT.No0021.jar

windows7-x64

10

PT.No0021.jar

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PT.No0021.jar

  • Size

    225KB

  • Sample

    230215-gmfq6aad89

  • MD5

    1e0babc6ad2de5834e1972ab0de99249

  • SHA1

    16dda1dd98fb9202efff2f2367f6b9c0740e59ec

  • SHA256

    c210c36fcfbab3776cbcb918a14a6e633454680e9d7bb4d88b6a3d46082711c7

  • SHA512

    98855427cd5e275c88004b5dce8614ea283ad32d11e6c6ed03680939c884c34b608505be964cf66d0bf00c00c424b66e07c4eef185ae00cbc450cbbdc9323ebd

  • SSDEEP

    6144:uMojbC0sFaSqVC0T9Hk18DemQ+EioNY+moVo:Uj+0mas0JxemPEiYVVo

Score
10/10
strratvjw0rmpersistencestealertrojanworm

Malware Config

Targets

    • Target

      PT.No0021.jar

    • Size

      225KB

    • MD5

      1e0babc6ad2de5834e1972ab0de99249

    • SHA1

      16dda1dd98fb9202efff2f2367f6b9c0740e59ec

    • SHA256

      c210c36fcfbab3776cbcb918a14a6e633454680e9d7bb4d88b6a3d46082711c7

    • SHA512

      98855427cd5e275c88004b5dce8614ea283ad32d11e6c6ed03680939c884c34b608505be964cf66d0bf00c00c424b66e07c4eef185ae00cbc450cbbdc9323ebd

    • SSDEEP

      6144:uMojbC0sFaSqVC0T9Hk18DemQ+EioNY+moVo:Uj+0mas0JxemPEiYVVo

    Score
    10/10
    strratvjw0rmpersistencestealertrojanworm

    • STRRAT

      STRRAT is a remote access tool than can steal credentials and log keystrokes.

      trojanstealerstrrat

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

      trojanwormvjw0rm

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks