General

  • Target

    7ce3e372d644ecd63ec9393e12f10f3d.bin

  • Size

    184KB

  • Sample

    230321-bxjmxaab9x

  • MD5

    e152655d623b2a47383eec611fe714bd

  • SHA1

    daa26e6e1faf2bec32968b8d31e07494df51cea0

  • SHA256

    d6881c6777ef34b9453d3654f491af56cc3444fe15a13b3122fd66309f285a41

  • SHA512

    941db936b5a61278140b0e4b1b837a38dca64b6123f43f9dd185f2f9754c557ac29a9c82753da236895ffc81e7ff325a5598a329c0d356bf894b662550b80ece

  • SSDEEP

    3072:3CNMChwY3AnMYwl7f1KKIAj6ys6jFI9zMWYfBkoIMQeFN23LM7fzTVfbVeCcaKjw:2MChwY3AMtNf1LIAeysIi9vwCoI1lLM9

Malware Config

Targets

    • Target

      b2a713c200db40a2516497ba113d3198742535cbb07745e625ce658ace882d69.jar

    • Size

      184KB

    • MD5

      7ce3e372d644ecd63ec9393e12f10f3d

    • SHA1

      9a8fb48b8c803ddb01357dbe4cf2aac845403926

    • SHA256

      b2a713c200db40a2516497ba113d3198742535cbb07745e625ce658ace882d69

    • SHA512

      5e079b575dab0470d813a5ce18b8a6f9dd076335a237c3fa37d12c94e7e0baed03165068d921e16328f86b6cc236e6ca31efb18df735f74e5f7c73ed1b71d5b9

    • SSDEEP

      3072:0L7ikOOC1uBkeQERXx1uQmThP/w6Fr/eU3UcX3adbYkURt20rgy8ZItdUB98ZUuQ:RFOCABkeBSQmThPIoEcX2bYkURkCgy87

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks