General

  • Target

    Attachment.jar

  • Size

    219KB

  • Sample

    230703-nctnlagb79

  • MD5

    74d42b58d2de6709e10badc53eb8ba9f

  • SHA1

    9e2b4548c82d0eb1ffe3165f436fcdf5fd3831f0

  • SHA256

    07b3f4158a0edf8da26b12ff2b40d92c54303f3008f6275a508f45207b4fdd83

  • SHA512

    93d55be68a0c51f16fa243d98ca1988450617263ecab5bd382586b1d1182e8a74fdf8f2b7cfebb3205501d3f95e86256f67965aa86243750a274bf114c84dc29

  • SSDEEP

    3072:3rsNi6AIO0NVu7AdTM4ZyyBqjIV28vPHQocEQub4yQwDeCdS8PjfXO7NLqYPZq5:3PzYcsd3yyNVlwocfPxwDiujf62YM5

Targets

    • Target

      Attachment.jar

    • Size

      219KB

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
