General
-
Target
7dac70b3a13a5c7de050546377e87e3cc0074ddffd0ae859594356f27684b5c1.jar
-
Size
223KB
-
Sample
240511-kfzr8sbh28
-
MD5
1fd8b149c3c3fb8dd216174ed3c5246f
-
SHA1
fb6d16773bb961b2e4b66b318ecd5c0129917724
-
SHA256
7dac70b3a13a5c7de050546377e87e3cc0074ddffd0ae859594356f27684b5c1
-
SHA512
4b5a978a2a5bb1cc659d8cdfc0faa98d0fdcc4da7ada7e6160ae04506d880c84918a9c8afc2b356ecaaedf57388a9161e17a930747c8779b6e2c14a7a04a5118
-
SSDEEP
6144:k6mceAFqNjwGhZJHruXCWQnNA26hl2pur50IYAGz1qLUbmi8m:k6mMyt9nMD50IfLUbmi8m
Malware Config
Targets
-
-
Target
7dac70b3a13a5c7de050546377e87e3cc0074ddffd0ae859594356f27684b5c1.jar
-
Size
223KB
-
MD5
1fd8b149c3c3fb8dd216174ed3c5246f
-
SHA1
fb6d16773bb961b2e4b66b318ecd5c0129917724
-
SHA256
7dac70b3a13a5c7de050546377e87e3cc0074ddffd0ae859594356f27684b5c1
-
SHA512
4b5a978a2a5bb1cc659d8cdfc0faa98d0fdcc4da7ada7e6160ae04506d880c84918a9c8afc2b356ecaaedf57388a9161e17a930747c8779b6e2c14a7a04a5118
-
SSDEEP
6144:k6mceAFqNjwGhZJHruXCWQnNA26hl2pur50IYAGz1qLUbmi8m:k6mMyt9nMD50IfLUbmi8m
Score10/10-
STRRAT
STRRAT is a remote access tool than can steal credentials and log keystrokes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-