General

  • Target

    Inventory List.jar

  • Size

    219KB

  • Sample

    230621-g8cavshb5t

  • MD5

    4528ca1cd5111138dbd966f65aa18fd4

  • SHA1

    51288703a62480e7a80fc6e2f43d96f230324537

  • SHA256

    924c2bc4af402c80d0d9840cb97ced94cf09755df952c02f43d0f23b5f6ed657

  • SHA512

    7a45b93c648bdda6b42853face3e41f39ae057aa136af0d664bb31c8f8e09d4ab8534e15d833f8dfacad3b6bb538343dd942855ed3f9b7010691ffef4db9077c

  • SSDEEP

    6144:j0BJ66R8sBvhIm5ETEXBr/8D9b1WbhjPf7jtjCi:vUB5bGSSZyjfAi

Targets

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
