General

  • Target

    43PU004731-1.jar

  • Size

    218KB

  • Sample

    230619-nl53zsef3t

  • MD5

    24b3bf8cdfa22372827501d1c4138364

  • SHA1

    dbf973f236056d2992d478fefd8f51af83804fad

  • SHA256

    d130e85809cfd63debe80dd0de273609d95a37649bac1a456042d760ada9b53e

  • SHA512

    3d7b004466a80671a7cd6563895ff6025f3a439ec8cd4dce5d012901cf7c09f32b671baf30b296bb064583e5b3481c7ca4957180e64c3015b41f8a1dddfea4e5

  • SSDEEP

    6144:ecEZYcwJbA7R0VsPVR3g7snJSgxXoo5AN:HEWcUbUzdRQgxYoON

Malware Config

Targets

    • Target

      43PU004731-1.jar

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks