General

  • Target

    Enquiry_06-162023.jar

  • Size

    218KB

  • Sample

    230616-lbwqfsdh5z

  • MD5

    291f150f24c698b1732279a1e7bd4be4

  • SHA1

    bb69a861d63f556350868d4a6a3e6b224cc619db

  • SHA256

    a2e2a352b0b93c5ccf734c14ba0367af8b8c980a1ed7622208c62229888afe82

  • SHA512

    c80c2a7f1d7623f7d75b1400eb0f8bbeea68b043499f23831ee783f00b39cf7e252b09c8f5b01b5b6efc55812911cd1c54e16261078cafe33586e984d8e2f550

  • SSDEEP

    6144:tdRPN78WXHNZ7OX2cg5znzn2Ma922gt4QYtQ90Y22ssw:tTVAWXH7Q45PnrcXgt1vk

Targets

    • Target

      Enquiry_06-162023.jar

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
