General

  • Target

    Payment_Advice.jar

  • Size

    70KB

  • Sample

    230615-jgzm7afb36

  • MD5

    659f8e8692bed46dd61c93e020bb45eb

  • SHA1

    0e8a067fafc6ed08049fd9466e4dcf4899b1405c

  • SHA256

    25b48a8416b8f38a1dcbbb9868d7a0019b9c9e6d0cca791bab3472a19481079a

  • SHA512

    67b055a5a49bb3cc1f970efcb6fe938cbca383e7ed4ae41b014ebaf8322ff5eb8be453225610e8c8ae1935a16e71d37cca02b23894a889bfc2b0e1de95d5776c

  • SSDEEP

    1536:cehVlaVCJKd4grGkYTIZyKz6aUX1o4uSwFN9kth0S:cehVlaSqiIZ5zPU9uSWDk0S

Targets

    • Target

      Payment_Advice.jar

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Drops startup file

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
