Overview

overview

10

Static

static

1

838feba9c3...67.jar

windows7-x64

1

838feba9c3...67.jar

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    188614b72a3baaf3f018157d12223538.bin

  • Size

    446KB

  • Sample

    240609-bywc4acc35

  • MD5

    42bbf145efcb28bb7c91b7f878777fb6

  • SHA1

    404c49791dc418292c47150254fbdbe1602f69c0

  • SHA256

    1847a38c398627e27e150b1982599c83f7ee7cbf61b6554f3f6b3d2e06579dd4

  • SHA512

    a1e99acf3674a8121f5bd491c0e7f69fdcf238d3e410c2853847b57c0ed3394ea04f6299b0f1c2146f2a34682758ac45ead543909ab1a6242348c87957da5618

  • SSDEEP

    12288:fviIZPpD4vHbRQB1WmodERmHrni3biyl25f+5zOZw7:niIvDaHlQB1WmFRUm+GFL

Score
10/10
strratdiscoverypersistencestealertrojan

Malware Config

Targets

    • Target

      838feba9c3f59776a04d380c1f94f7d93a84e8256ce07d94482528d373470667.zip

    • Size

      452KB

    • MD5

      188614b72a3baaf3f018157d12223538

    • SHA1

      f9d7a5a4f743c4d22f6563436761912dacba2a90

    • SHA256

      838feba9c3f59776a04d380c1f94f7d93a84e8256ce07d94482528d373470667

    • SHA512

      988445b15fc4b3a9fe28a15c859becaaf3692ec76399e17618e9d1382d73f85549130801210b82e41b76c779bc4ea2bc94c4fafe6a462510d4a0ccc75945e8c8

    • SSDEEP

      12288:CU9r+Wu+x8qH/M10nJQpGrodvkg3/MhGQt3j0dWT:X+Wu+KqfkY6Kodvx3/MhGQtzms

    Score
    10/10
    strratdiscoverypersistencestealertrojan

    • STRRAT

      STRRAT is a remote access tool than can steal credentials and log keystrokes.

      trojanstealerstrrat

    • Drops startup file

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Adds Run key to start application

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks