General

  • Target

    Payment_Advice.jar

  • Size

    70KB

  • Sample

    230530-jrjdysgf3w

  • MD5

    be77b01b2addc5f0d1dff29b5635ce9a

  • SHA1

    88e3fc169497a27c81498957459f03920156d3f9

  • SHA256

    5209a5306d46dea4da89de88335d50a6c4d3ff17f547bae4cd61660a32427ca3

  • SHA512

    a52cd8371b7cd5b0aa132b14df561a379746a314f3323a1ffc8ab2174351866fd7a9943facc9ecf0f74e9150fc12ab88761931fc786063b81901ea65f19aac51

  • SSDEEP

    1536:6/gMAxRQVTcG7gLsDJ9U+ldSfiexN5VnH/KKTwcoe3o/ljSUS:HMAf0cvLs7UqdSzTnyKThMSZ

Targets

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Drops startup file

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
