General

  • Target

    0f359450e399eff8b4b9ae323a4e7a6569426735f3824a13756972f1b10d2606.jar

  • Size

    481KB

  • Sample

    240603-rj1l9sae43

  • MD5

    2820aab595357470035ace68dcb120ca

  • SHA1

    3954643aaa5dde5ee8079728905843cd175e9e84

  • SHA256

    0f359450e399eff8b4b9ae323a4e7a6569426735f3824a13756972f1b10d2606

  • SHA512

    b57d9025095815761dc267f0731e55fae41bea3becb134e1e5e9649f67ff5fb423ad0b36206a861b179b8053973188e1ebe39ad3076fed481811f1fd8a775ab6

  • SSDEEP

    12288:yVlmvKeQSPE8hj7oxFQRb5hzxCOJpk8FiWhKc9:yHmvlnnoMlckiWp

Targets

    • Target

      0f359450e399eff8b4b9ae323a4e7a6569426735f3824a13756972f1b10d2606.jar

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Drops startup file

    • Loads dropped DLL

    • Modifies file permissions

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
