General

  • Target

    3PU004731 MPR D2000 WK 24 BERNULY SUPPLY CO LTD.jar

  • Size

    217KB

  • Sample

    230619-t78nwsfb25

  • MD5

    aab0e96ae1075cead7040e56c7e907e9

  • SHA1

    7405ecaaacea052c97a5d8b06a86bc7ac0c855fa

  • SHA256

    9abdb3f20f276e4ad06483b19ce8f6c0a29e6f0802da7436a06e6651ba3f7490

  • SHA512

    4133dc91f36968872f39677cfb5de901ed1137875dbc0cdd76d7facf51219a1f501889e2e0453a74f74d6282a53e14ef1b8224c44adafb20c7449a0547f192e3

  • SSDEEP

    6144:j/ZqtyAW+u8cX2qQUaC01ZDuwcMGLMg5TBwW:jUtjM8cX2qmTP8M6B/

Malware Config

Targets

    • Target

      3PU004731 MPR D2000 WK 24 BERNULY SUPPLY CO LTD.jar

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks