General

  • Target

    PaymentAdvicejar.jar

  • Size

    70KB

  • Sample

    230704-qj3wysfa2y

  • MD5

    96e155635a6002564daf530fb8a7640d

  • SHA1

    1f56272c46862b6ffa167a47d8d2346c26c7053c

  • SHA256

    bd1248880dc8c8ddbf23ec2fbe6db2463251fc137d4efbcf827f100e5a413a2c

  • SHA512

    2bc66a5175d2f9d39a574f4c88fcdb38ca155ea6af748b7649c2e0c929453d26183cf80f5a20225dedaa8b10c9eaf5465e7c406e71a710cae1e5dc47a9d970e7

  • SSDEEP

    1536:k0L6pMH+goZaLfUXI0IykpJu9rSvZrUbfj9GzQ:rH+3aLfJtu9SpUbfj9GzQ

Malware Config

Targets

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Drops startup file

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks