Overview

overview

10

Static

static

1

PO#093477.jar

windows7-x64

3

PO#093477.jar

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PO#093477.jar

  • Size

    220KB

  • Sample

    240514-jdjgssff67

  • MD5

    a9f7ea02e9ac0ae3efbd5564ebbe62e8

  • SHA1

    63719732ad04043d689fc67bcf5fbb9019988e3b

  • SHA256

    14bbc47ec13a911c8863b379d1ad30232a59c9d6fe79fa2cc7aae2f94dad879d

  • SHA512

    0203c538a03435eae9a22e692520684dec6f61e02d0ce9e4b22587cd8dc9e094b10f9db17fe185ab294ee8d99c4733799de575e76b6e8bd43771858a80a28e37

  • SSDEEP

    6144:93VRqxixsnSCgmvS7lUBNo91N78ERZGnHw41d:93VRqxamvSm/o97/RInHh

Score
10/10
strratdiscoveryexecutionpersistencestealertrojan

Malware Config

Targets

    • Target

      PO#093477.jar

    • Size

      220KB

    • MD5

      a9f7ea02e9ac0ae3efbd5564ebbe62e8

    • SHA1

      63719732ad04043d689fc67bcf5fbb9019988e3b

    • SHA256

      14bbc47ec13a911c8863b379d1ad30232a59c9d6fe79fa2cc7aae2f94dad879d

    • SHA512

      0203c538a03435eae9a22e692520684dec6f61e02d0ce9e4b22587cd8dc9e094b10f9db17fe185ab294ee8d99c4733799de575e76b6e8bd43771858a80a28e37

    • SSDEEP

      6144:93VRqxixsnSCgmvS7lUBNo91N78ERZGnHw41d:93VRqxamvSm/o97/RInHh

    Score
    10/10
    executionstrratdiscoverypersistencestealertrojan

    • STRRAT

      STRRAT is a remote access tool than can steal credentials and log keystrokes.

      trojanstealerstrrat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Adds Run key to start application

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks