Overview

overview

10

Static

static

1

5af0150495...d8.jar

windows7-x64

1

5af0150495...d8.jar

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5af01504959b39b2f98ae92238fff4d9580eaa1d61a555da6b3e697dbcb1bbd8.jar

  • Size

    481KB

  • Sample

    240612-tfmmcavcmr

  • MD5

    f2bc7c3ad4511d285fc70c50a05b0902

  • SHA1

    3c6a1ce4ad140df0b3c14a192ced9feeaa8f9618

  • SHA256

    5af01504959b39b2f98ae92238fff4d9580eaa1d61a555da6b3e697dbcb1bbd8

  • SHA512

    d7e2cb4e458c3dcff94a3b484860a81d9eb1dd4269cd055912c5fff921aa249e62a7a65b023a45f52de1e13553ae2de4d2659ba6085358d0a39941d4022b4978

  • SSDEEP

    12288:ualS3KeQSPEYtvPYpFMRb5h3pCSt1kQB+W5Kcr:uSS3lb3YIRoM+Wv

Score
10/10
strratdiscoverypersistencestealertrojan

Malware Config

Targets

    • Target

      5af01504959b39b2f98ae92238fff4d9580eaa1d61a555da6b3e697dbcb1bbd8.jar

    • Size

      481KB

    • MD5

      f2bc7c3ad4511d285fc70c50a05b0902

    • SHA1

      3c6a1ce4ad140df0b3c14a192ced9feeaa8f9618

    • SHA256

      5af01504959b39b2f98ae92238fff4d9580eaa1d61a555da6b3e697dbcb1bbd8

    • SHA512

      d7e2cb4e458c3dcff94a3b484860a81d9eb1dd4269cd055912c5fff921aa249e62a7a65b023a45f52de1e13553ae2de4d2659ba6085358d0a39941d4022b4978

    • SSDEEP

      12288:ualS3KeQSPEYtvPYpFMRb5h3pCSt1kQB+W5Kcr:uSS3lb3YIRoM+Wv

    Score
    10/10
    strratdiscoverypersistencestealertrojan

    • STRRAT

      STRRAT is a remote access tool than can steal credentials and log keystrokes.

      trojanstealerstrrat

    • Drops startup file

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Adds Run key to start application

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks