Overview

overview

10

Static

static

1

5af0150495...d8.jar

windows7-x64

1

5af0150495...d8.jar

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f2bc7c3ad4511d285fc70c50a05b0902.bin

  • Size

    475KB

  • Sample

    240614-dlcfkawhpk

  • MD5

    61e67a98ca039225af23a139009ff277

  • SHA1

    30906378db920992334551beeb6e0f29ac438e24

  • SHA256

    29e53614d83271baa6665f31f4c952e22c77dcf303fe5fbe983e16ea009de89f

  • SHA512

    9abd06a7821f4745880884af34e449477633e97775d55b806e3fb78f59b5f69012697cb76bd1c5e452d8827163f344005a40041ce14765ad3b8da1e22dd13d4a

  • SSDEEP

    12288:n1ykHhzmSQEy8VGjJDf3eVA1916znf+9gEVkL33oCDKtiJun:nf0SXTuJDfuV6gf+9gekL33oqm

Score
10/10
strratdiscoverypersistencestealertrojan

Malware Config

Targets

    • Target

      5af01504959b39b2f98ae92238fff4d9580eaa1d61a555da6b3e697dbcb1bbd8.jar

    • Size

      481KB

    • MD5

      f2bc7c3ad4511d285fc70c50a05b0902

    • SHA1

      3c6a1ce4ad140df0b3c14a192ced9feeaa8f9618

    • SHA256

      5af01504959b39b2f98ae92238fff4d9580eaa1d61a555da6b3e697dbcb1bbd8

    • SHA512

      d7e2cb4e458c3dcff94a3b484860a81d9eb1dd4269cd055912c5fff921aa249e62a7a65b023a45f52de1e13553ae2de4d2659ba6085358d0a39941d4022b4978

    • SSDEEP

      12288:ualS3KeQSPEYtvPYpFMRb5h3pCSt1kQB+W5Kcr:uSS3lb3YIRoM+Wv

    Score
    10/10
    strratdiscoverypersistencestealertrojan

    • STRRAT

      STRRAT is a remote access tool than can steal credentials and log keystrokes.

      trojanstealerstrrat

    • Drops startup file

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Adds Run key to start application

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks