General

  • Target

    Enquiry_06-162023.img

  • Size

    1.2MB

  • Sample

    230616-mg2dkaee27

  • MD5

    0fe380592f9947989b2ffeeab2fbd17a

  • SHA1

    8457cb303fd5fae8b78b9bda550c5e9b10289f03

  • SHA256

    39a48245cc13aec054c2b91204149f20e194e6158fdfc18519acc5decb50148a

  • SHA512

    e934dcd9272fe9e7f4f668f554651491862b1edfaf4feaae2a26de2fbec75d9a59cf3ff5da1c30f285897ddbe1a03b484bfef2998ef27718481f0ca493a2d806

  • SSDEEP

    6144:TdRPN78WXHNZ7OX2cg5znzn2Ma922gt4QYtQ90Y22ss:TTVAWXH7Q45PnrcXgt1v

Targets

    • Target

      ENQUIRY_.JAR

    • Size

      218KB

    • MD5

      291f150f24c698b1732279a1e7bd4be4

    • SHA1

      bb69a861d63f556350868d4a6a3e6b224cc619db

    • SHA256

      a2e2a352b0b93c5ccf734c14ba0367af8b8c980a1ed7622208c62229888afe82

    • SHA512

      c80c2a7f1d7623f7d75b1400eb0f8bbeea68b043499f23831ee783f00b39cf7e252b09c8f5b01b5b6efc55812911cd1c54e16261078cafe33586e984d8e2f550

    • SSDEEP

      6144:tdRPN78WXHNZ7OX2cg5znzn2Ma922gt4QYtQ90Y22ssw:tTVAWXH7Q45PnrcXgt1vk

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
