General

  • Target

    tmp365s8h47

  • Size

    218KB

  • Sample

    230703-w5pt4sah9y

  • MD5

    d8688e230d5513f86999b93b84b2465b

  • SHA1

    65dbdb665ff9144f7d4c2a80c6039be4781208c6

  • SHA256

    b08c54a7e2fb3ec6c31f0332b762e51b556d91f0d7cbe7745f5c417206f59d02

  • SHA512

    b9a7d75bc5afbb5322b69575dcafafd002431f41ecd97a34190eef5122cbe1d8615b302650e934bd123bc48a223abd323f4c9248986743c78d694e51af033123

  • SSDEEP

    6144:LlwvKMs69nI1Pqc0/N9Hpcw5Ji3FPK23BxcoMc+eas1:pqcP8/3HpcwMPV1M7eas1

Targets

    • Target

      tmp365s8h47

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
