Overview

overview

10

Static

static

10

Invoice.jar

windows7-x64

1

Invoice.jar

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Invoice.jar

  • Size

    203KB

  • Sample

    240630-j6pjhsycpr

  • MD5

    e61042273c1bd9c0a7ea0bc9148cde03

  • SHA1

    4a00bf1ff4bb6f308556a383f70bd67bd6a87282

  • SHA256

    af3a6b35935ec9a991e853f2a386e38bd91d5d2f2d9c35cb6ca5b1481cb5ec45

  • SHA512

    da27c7f1293b4817b2a17f4ec50e7729345f828f0e8141bde37c0be86decb535f93eccaabec15a4048755f5ba1a397a142a8bfab0df422370de14a74bb14a263

  • SSDEEP

    3072:iV+8Cg5sDtvolhhIMNQLfdDqrp81gYNJk4uzY+JqtT0zPLoBsWfTyjn+:sjStvGhXNjt81gYNqNcpYzP0WWfT4+

Score
10/10
strratdiscoverypersistencestealertrojan

Malware Config

Targets

    • Target

      Invoice.jar

    • Size

      203KB

    • MD5

      e61042273c1bd9c0a7ea0bc9148cde03

    • SHA1

      4a00bf1ff4bb6f308556a383f70bd67bd6a87282

    • SHA256

      af3a6b35935ec9a991e853f2a386e38bd91d5d2f2d9c35cb6ca5b1481cb5ec45

    • SHA512

      da27c7f1293b4817b2a17f4ec50e7729345f828f0e8141bde37c0be86decb535f93eccaabec15a4048755f5ba1a397a142a8bfab0df422370de14a74bb14a263

    • SSDEEP

      3072:iV+8Cg5sDtvolhhIMNQLfdDqrp81gYNJk4uzY+JqtT0zPLoBsWfTyjn+:sjStvGhXNjt81gYNqNcpYzP0WWfT4+

    Score
    10/10
    strratdiscoverypersistencestealertrojan

    • STRRAT

      STRRAT is a remote access tool than can steal credentials and log keystrokes.

      trojanstealerstrrat

    • Drops startup file

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Adds Run key to start application

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks