General
-
Target
d5ed6717c6b756c1604c1182f078107148dbe72dac5112a6cf3e1b772699676b.jar
-
Size
301KB
-
Sample
240509-ch6pkafb96
-
MD5
d4dd87e0ace13b1f69b1a6653d6cff4e
-
SHA1
8d25a40f4dabe65335214e7347671bc4de4a42a0
-
SHA256
d5ed6717c6b756c1604c1182f078107148dbe72dac5112a6cf3e1b772699676b
-
SHA512
22c5b257a23161802f1ed09a428b4402be334253bea2b71875ac6262cd8da3da2c62333a36879946ff15b5cd11b04a846589ac53be279b0817a49be4d98543bb
-
SSDEEP
6144:opxd3RUwD5ZvA8iX0TdbycfzVokKcU0x/zQOnZvLeGx1inwWH6H5cgGW:op/3RUqDYTkJ+cfzq3cb9z7LeE6U5cgH
Malware Config
Targets
-
-
Target
d5ed6717c6b756c1604c1182f078107148dbe72dac5112a6cf3e1b772699676b.jar
-
Size
301KB
-
MD5
d4dd87e0ace13b1f69b1a6653d6cff4e
-
SHA1
8d25a40f4dabe65335214e7347671bc4de4a42a0
-
SHA256
d5ed6717c6b756c1604c1182f078107148dbe72dac5112a6cf3e1b772699676b
-
SHA512
22c5b257a23161802f1ed09a428b4402be334253bea2b71875ac6262cd8da3da2c62333a36879946ff15b5cd11b04a846589ac53be279b0817a49be4d98543bb
-
SSDEEP
6144:opxd3RUwD5ZvA8iX0TdbycfzVokKcU0x/zQOnZvLeGx1inwWH6H5cgGW:op/3RUqDYTkJ+cfzq3cb9z7LeE6U5cgH
Score10/10-
STRRAT
STRRAT is a remote access tool than can steal credentials and log keystrokes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-