General

  • Target

    cdddb72528ea0f9535676df3b408ba6bf4a8bf8b7d6a0ed6f74950c5300ab049.jar

  • Size

    452KB

  • Sample

    240531-b1992aac9v

  • MD5

    42fd31ecef528cdfadc0c2029acd4dd3

  • SHA1

    19712ae2e86368ee1bdad8bcad63bd0737f1ea29

  • SHA256

    cdddb72528ea0f9535676df3b408ba6bf4a8bf8b7d6a0ed6f74950c5300ab049

  • SHA512

    ad11734d8c8d325e326ad3e098931236780f2ea91910f0af538f17648a6ebc26e93b068f84eea254f55d992365526624a18006a6317bd2b8f41f1b01c493477f

  • SSDEEP

    12288:KU+rjFbxSTrH/MD8nAQaGroLs1zYJMhTQaQZbX6I:2jFbxurfOAqKoLslYJMhTQaMzl

Malware Config

Targets

    • Target

      cdddb72528ea0f9535676df3b408ba6bf4a8bf8b7d6a0ed6f74950c5300ab049.jar

    • Size

      452KB

    • MD5

      42fd31ecef528cdfadc0c2029acd4dd3

    • SHA1

      19712ae2e86368ee1bdad8bcad63bd0737f1ea29

    • SHA256

      cdddb72528ea0f9535676df3b408ba6bf4a8bf8b7d6a0ed6f74950c5300ab049

    • SHA512

      ad11734d8c8d325e326ad3e098931236780f2ea91910f0af538f17648a6ebc26e93b068f84eea254f55d992365526624a18006a6317bd2b8f41f1b01c493477f

    • SSDEEP

      12288:KU+rjFbxSTrH/MD8nAQaGroLs1zYJMhTQaQZbX6I:2jFbxurfOAqKoLslYJMhTQaMzl

    • STRRAT

      STRRAT is a remote access tool than can steal credentials and log keystrokes.

    • Drops startup file

    • Loads dropped DLL

    • Modifies file permissions

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks