Overview

overview

10

Static

static

1

URLScan

urlscan

https://www.drivehq....

windows10-2004-x64

10

Resubmissions

29-05-2024 06:01

240529-gq558ade69 10

29-05-2024 04:44

240529-fcwh7aag8s 1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://www.drivehq.com/file/DFPublishFile.aspx/FileID11321876385/Key0c9cipbgqvll/Telex%20copy.pdf.jar

  • Sample

    240529-gq558ade69

Score
10/10
strratdiscoverypersistencestealertrojan

Malware Config

Targets

    • Target

      https://www.drivehq.com/file/DFPublishFile.aspx/FileID11321876385/Key0c9cipbgqvll/Telex%20copy.pdf.jar

    Score
    10/10
    strratdiscoverypersistencestealertrojan

    • STRRAT

      STRRAT is a remote access tool than can steal credentials and log keystrokes.

      trojanstealerstrrat

    • Drops startup file

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Adds Run key to start application

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks