General

  • Target

    PO#093477.jar

  • Size

    220KB

  • Sample

    240514-jdjgssff67

  • MD5

    a9f7ea02e9ac0ae3efbd5564ebbe62e8

  • SHA1

    63719732ad04043d689fc67bcf5fbb9019988e3b

  • SHA256

    14bbc47ec13a911c8863b379d1ad30232a59c9d6fe79fa2cc7aae2f94dad879d

  • SHA512

    0203c538a03435eae9a22e692520684dec6f61e02d0ce9e4b22587cd8dc9e094b10f9db17fe185ab294ee8d99c4733799de575e76b6e8bd43771858a80a28e37

  • SSDEEP

    6144:93VRqxixsnSCgmvS7lUBNo91N78ERZGnHw41d:93VRqxamvSm/o97/RInHh

Targets

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Modifies file permissions

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
