Overview

overview

10

Static

static

1

Scott_Holl...df.jar

windows7-x64

1

Scott_Holl...df.jar

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    Scott_Holland Docs-pdf.jar

  • Size

    400KB

  • Sample

    240528-11z7haec8v

  • MD5

    c3d150f278048f86585f8eb5d789f318

  • SHA1

    4e93e46002f905b1c8f9beedbd2429042eaa2127

  • SHA256

    4c13989c2d53b7620ed8b05d661239b59c181c905fc699a8be04ba735a7676e0

  • SHA512

    296acfc2f122e77f95080ee495253f199a7326d0f3a2f46722a7b7b180b0d4bc10d0f990c363557bdf0d8487a79e1589c575495f5d930e5afc89484766aeb64e

  • SSDEEP

    12288:USEIHTp5xGiODZk2v7I3RFCDcxVP9iNC2:UxMTp5bMsB3P9Qv

Score
10/10
strratcollectiondiscoverypersistencestealertrojan

Malware Config

Targets

    • Target

      Scott_Holland Docs-pdf.jar

    • Size

      400KB

    • MD5

      c3d150f278048f86585f8eb5d789f318

    • SHA1

      4e93e46002f905b1c8f9beedbd2429042eaa2127

    • SHA256

      4c13989c2d53b7620ed8b05d661239b59c181c905fc699a8be04ba735a7676e0

    • SHA512

      296acfc2f122e77f95080ee495253f199a7326d0f3a2f46722a7b7b180b0d4bc10d0f990c363557bdf0d8487a79e1589c575495f5d930e5afc89484766aeb64e

    • SSDEEP

      12288:USEIHTp5xGiODZk2v7I3RFCDcxVP9iNC2:UxMTp5bMsB3P9Qv

    Score
    10/10
    strratcollectiondiscoverypersistencestealertrojan

    • STRRAT

      STRRAT is a remote access tool than can steal credentials and log keystrokes.

      trojanstealerstrrat

    • Drops startup file

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Accesses Microsoft Outlook profiles

      collection

    • Adds Run key to start application

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks