General

  • Target

    Doc 10013202300 New Order.jar

  • Size

    218KB

  • Sample

    230613-lba4raff42

  • MD5

    c1f0b0d6d87ed7d5b715b7502f91ff76

  • SHA1

    0ef698fd1adca1b0dd64d5f24b7e6e8b4863b8d9

  • SHA256

    a3878ecd4231967d3819f2b8e793ba74d4433607f04a2f238cf2430422ab9715

  • SHA512

    db7024a4f09b3cca92f78926c396d5d96981ec76761989e7facbb7eaf70c9f5771b3b2205c4becdbf611f45108a035c2a878e3de8f57f8baf661a8b933571649

  • SSDEEP

    6144:PbUrHtbaqF2OR8JKWhm8WXliyTvBBLzNMuCA:jc52pKWU8Oi4v7PNMur

Malware Config

Targets

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks