General

  • Target

    SBS RFQ 00926800230609_pdf (93kb).jar

  • Size

    219KB

  • Sample

    230609-ptf99scb34

  • MD5

    a25fa173093bf047bb4e789b79bfaa63

  • SHA1

    99f8196992e7652569efb8dff2ce3505c730cba0

  • SHA256

    028376d3fd8b3dabf7f41eb68cdddd5e04054792ce328cf7ef5e320ccf32ab1f

  • SHA512

    814a6da7bc94a8e196f84e59e431458713e2cb9141eb6d6f09117173846414a1bcd057ddabe53c795feeffe326f99e63730657f55efdcc9eedecd6fcb3071c6f

  • SSDEEP

    6144:lIXAs8OwnBa8vAL82E6v4LglHQIpHEuUT7PJ4CKUjdH:ukOwnrvkDWLgfUnPl

Malware Config

Targets

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks