General

  • Target

    6b48814c04436a453853fc1e341a8e6c_JaffaCakes118

  • Size

    232KB

  • Sample

    240724-mmqt1svcqf

  • MD5

    6b48814c04436a453853fc1e341a8e6c

  • SHA1

    677d2a922293436ea50b026b084654cfdf71df0d

  • SHA256

    bfc6342c5892fdd67012f182184b9c1db8e0b8f77532cb6f08e2ab21e303c21f

  • SHA512

    e5c275fb3877d015082a7dc3eaba907da4aca13f5f13d8081d4502411df028debc4d57f46a49c5762c0177b62ac6a2f9e8c7aca36fcd7fad75b46e64395af030

  • SSDEEP

    3072:ygymzYB9EWLmW+2ZOpHu3Z6F268l382MvwmSB3YAAro1+sumh3gKAseMRKZSHXF0:yfmMpLI2ZOo6D8lM8m75oL12+0cEnl

Malware Config

Targets

    • Target

      MT0128.jar

    • Size

      175KB

    • MD5

      641fdb5107c6bf1464e504b104f4212e

    • SHA1

      28d6a378737161239d1baccb676139465371e5b4

    • SHA256

      d442f0733815e462aeaa718e6892f825ec32b82f6eb72c78fafb64746a59c397

    • SHA512

      c7b770915cf7ebe17accb79c93a2f19790594ace9a775e7b705e2758428e9a98f662d92fff5f2b71dfef8591e012de9c7feec6df584a994cff657384fbe08208

    • SSDEEP

      3072:C8MUKfL6brZYAogfu8PTO90GEUTX27X5G0mvQmriWDLKsmLnIEvj3+UwGABMEDsi:C/VYYAVfhO90GEUTW5qQmGWqsmLnT7+D

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks