General

  • Target

    Enquiry W0280 - 16-062023.jar

  • Size

    218KB

  • Sample

    230616-cl9wdscd72

  • MD5

    164230af55ddfd4874e15128ff27ac26

  • SHA1

    6d1b2a4913eb5bfc8257b9698140940e95b55d81

  • SHA256

    30a3607264bb160ac50c9c6eadb049dd83f9df01cefa99821b75f1d45b1bf49b

  • SHA512

    556ed53f30fee7baa665604aadb04e4c4d0808ad6721ae4280fc37dcf020b6e3afc695f98f1b6863d88a14736eae4e8cb0a6466aed5ef35cddb284bd56e80fb0

  • SSDEEP

    6144:UPi0wB//FkdQtT4m81s84hgAgPNgNSbTJizNmRxlA:UPEk2q/4CACNgIHJizNX

Malware Config

Targets

    • Target

      Enquiry W0280 - 16-062023.jar

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks