General

  • Target

    aab0e96ae1075cead7040e56c7e907e9.bin

  • Size

    211KB

  • Sample

    230621-b168dagd61

  • MD5

    e584d2be9c98e957f34fc34cb04f26e0

  • SHA1

    c272710b919af090eddcb8ce4758f5615209d502

  • SHA256

    532f6b2dc5f3dbf6eb8912249c77f2f1cdfd6e46132796c3d3d25b8af0a78416

  • SHA512

    27f58fe5b387d40d10d1f21c4292232791a9956c7ec5c6c9960a9547e935913a4908c76bb58cc03ba70e103353ae72768a8076e66e606146be159ffb4769aa83

  • SSDEEP

    3072:ppr4NfyS4QkOmaBe0I+/hC+3bPlnbp7ud6FbI1fQygJLYa7QY1cd9JdOypWaLdNP:PsW7aLIi1bdBFbvHLVJcLWWh0o

Malware Config

Targets

    • Target

      9abdb3f20f276e4ad06483b19ce8f6c0a29e6f0802da7436a06e6651ba3f7490.jar

    • Size

      217KB

    • MD5

      aab0e96ae1075cead7040e56c7e907e9

    • SHA1

      7405ecaaacea052c97a5d8b06a86bc7ac0c855fa

    • SHA256

      9abdb3f20f276e4ad06483b19ce8f6c0a29e6f0802da7436a06e6651ba3f7490

    • SHA512

      4133dc91f36968872f39677cfb5de901ed1137875dbc0cdd76d7facf51219a1f501889e2e0453a74f74d6282a53e14ef1b8224c44adafb20c7449a0547f192e3

    • SSDEEP

      6144:j/ZqtyAW+u8cX2qQUaC01ZDuwcMGLMg5TBwW:jUtjM8cX2qmTP8M6B/

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks