General

  • Target

    449645ab23c9efba0e124fc84886d1ad_JaffaCakes118

  • Size

    119KB

  • Sample

    240515-fdzx1ahg4y

  • MD5

    449645ab23c9efba0e124fc84886d1ad

  • SHA1

    cc176c6000ba10cc77860f03f8f3e3807679835f

  • SHA256

    b4e1b6a7d26522b67e97b15c39f225c7a4436de950b5f3d6b1e19825df7db692

  • SHA512

    0c9b8584943b530ff75576797566c45fc97563edc5279fe9832963577f6e6b154e1f7f7829972739e19628a616f053e7cb5cb53ad320ca18affc3f0711413131

  • SSDEEP

    3072:1FjR4nVC2Joh6RnOs+JEWgn3GQp6MAzTBaW5U0yL:1zBM+s+eWcGQzuBaW5eL

Malware Config

Targets

    • Target

      Drehmaschinen - zyklengesteuert P B R T 30 SNC x 1500.jar

    • Size

      119KB

    • MD5

      339a7b500a211b0160b2354fd81a670d

    • SHA1

      1c1427a18c70b605c069d9556a3b00e4213318fc

    • SHA256

      496965b892597c9b16b00333bdb92f7c2c906685a161886f4f03c17623aaa971

    • SHA512

      03cab18af634525636d2e3f25c6ad86947b123b01ec372acee2068451428b914227715f97fcd8eb65d6162cd07ffdd4a2f54e25d6604fe45489ab5a966453ac2

    • SSDEEP

      3072:NFjR4nVC2Toh6RnOe+7EWgnxGQpaMAzpBaW5oX:NzB4+e+oWkGQHaBaW5oX

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Drops startup file

    • Loads dropped DLL

    • Modifies file permissions

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15