General

  • Target

    Order 2000248955.jar

  • Size

    218KB

  • Sample

    230613-3hn3macc68

  • MD5

    fe5cd5366d41133813a9327c5a3ed7dd

  • SHA1

    6a9017e96a475d6e7317ae5833099ecf6fcb67ba

  • SHA256

    7c48cd983404f94b5584f7a0473cb55aaa1e23ea54bc5980a474a6d4fa8ed101

  • SHA512

    72e281622740fa79d74f8499284ad5da9437a6ad52c6147dfd298c35e87cc60f0c2ef1aca98a75b0a92214711bbbd6aefaa9f66d1aed7ac9b72d339c267fb79a

  • SSDEEP

    6144:C9HjTj6lQfBf5VfvtrmoN5TV2OWIiZm8BAIEnM8TBBNWTr:CVTulifV35RJWZN8nbYTr

Targets

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
