General
Target: 721d706017e834c41a0bc230813c4ebc_JaffaCakes118
Size: 169KB
Sample: 240726-b5qfesycnl
MD5: 721d706017e834c41a0bc230813c4ebc
SHA1: 47e2e1675ef53382fc2c7d2454422f821248d43f
SHA256: 2be16da829fd4bf627be3b5173ed0303f13175b4bff59d0913a88ed28ff6a521
SHA512: 0b34a563bff43d081302383562465d511fdbd88522433c0445bc90e5ae4cb8c1b51281671d8be316df2d7331004e627a46c55fd7c57ce72f602a8df36db4c219
SSDEEP: 3072:j0QguaVhPsSwpy7+e1o1puU+ovb6ErCyBTdaPITY6aTM6Hfw:j0zhUS4FL7xb6QZgPNT5I
Static task: static1
Behavioral task: behavioral1
  Sample: MT0128.jar
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: MT0128.jar
  Resource: win10v2004-20240709-en
Malware Config
Targets
Target: MT0128.jar
Size: 175KB
MD5: 641fdb5107c6bf1464e504b104f4212e
SHA1: 28d6a378737161239d1baccb676139465371e5b4
SHA256: d442f0733815e462aeaa718e6892f825ec32b82f6eb72c78fafb64746a59c397
SHA512: c7b770915cf7ebe17accb79c93a2f19790594ace9a775e7b705e2758428e9a98f662d92fff5f2b71dfef8591e012de9c7feec6df584a994cff657384fbe08208
SSDEEP: 3072:C8MUKfL6brZYAogfu8PTO90GEUTX27X5G0mvQmriWDLKsmLnIEvj3+UwGABMEDsi:C/VYYAVfhO90GEUTW5qQmGWqsmLnT7+D
Score: 10/10
Signatures:
  Checks computer location settings
    Reads the country code configured in the registry; this is typically done to geofence, i.e. to avoid running on machines in certain countries.
  Drops startup file
  Loads dropped DLL
  Adds Run key to start application
  Legitimate hosting services abused for malware hosting/C2
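The following is an added detection example and is not part of the sandbox report, nor the sandbox's own signature logic. It takes constructed, Sysmon-style registry and file events and classifies them against three of the behaviours reported for MT0128.jar: the registry country-code lookup (geofence), the Run key autostart, and the Startup-folder drop. It then requires more than one behaviour from the same image before calling it suspicious, because a Run key write on its own is common for legitimate software. The event format, the file paths, the image name (javaw.exe) and the registry value names are assumptions made for this example.

```python
"""Added detection example; not part of the sandbox report and not the
sandbox's own signature logic.  Event format, paths and registry value
names below are assumptions made for this example."""
from collections import Counter

# Registry values that hold the configured country/locale.  Hypothetical
# list for this example; the sandbox's exact rule is not on the page.
GEO_VALUE_SUFFIXES = (
    "control panel/international/geo/nation",
    "control panel/international/geo/name",
    "control panel/international/scountry",
    "control panel/international/icountry",
)
RUN_KEY_FRAGMENTS = (
    "/software/microsoft/windows/currentversion/run/",
    "/software/microsoft/windows/currentversion/runonce/",
)
STARTUP_DIR_FRAGMENT = "/start menu/programs/startup/"

# Constructed sample events (not real sandbox output), one per line:
#   op | image | target (registry value or file path) | value (optional)
SAMPLE_EVENTS = [
    r"RegQueryValue | C:\Program Files\Java\jre8\bin\javaw.exe | HKCU\Control Panel\International\Geo\Nation",
    r"RegQueryValue | C:\Windows\explorer.exe | HKCU\Control Panel\Desktop\Wallpaper",
    r"FileCreate | C:\Program Files\Java\jre8\bin\javaw.exe | C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MT0128.jar",
    r'RegSetValue | C:\Program Files\Java\jre8\bin\javaw.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MT0128 | "C:\Program Files\Java\jre8\bin\javaw.exe" -jar "C:\Users\u\AppData\Roaming\MT0128.jar"',
    r"RegSetValue | C:\Windows\System32\svchost.exe | HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SecurityHealth | %windir%\system32\SecurityHealthSystray.exe",
]


def _norm(path):
    """Lower-case and use forward slashes so substring checks are reliable."""
    return path.replace("\\", "/").lower()


def parse_event(line):
    """Split one 'op | image | target [| value]' line into a dict."""
    parts = [p.strip() for p in line.split(" | ")]
    if len(parts) < 3:
        raise ValueError("malformed event: %r" % line)
    op, image, target = parts[:3]
    value = parts[3] if len(parts) > 3 else ""
    return {"op": op, "image": image, "target": target, "value": value}


def classify(event):
    """Return the behaviour tags a single event matches (possibly none)."""
    tags = []
    target = _norm(event["target"])
    value = _norm(event["value"])
    if event["op"] == "RegQueryValue" and target.endswith(GEO_VALUE_SUFFIXES):
        tags.append("geofence_lookup")
    if event["op"] == "RegSetValue" and any(f in target for f in RUN_KEY_FRAGMENTS):
        tags.append("run_key_persistence")
        # A Run entry that launches java/javaw with a .jar is how a Java
        # dropper keeps its payload running after logon.
        if "java" in value and ".jar" in value:
            tags.append("java_jar_autostart")
    if event["op"] == "FileCreate" and STARTUP_DIR_FRAGMENT in target:
        tags.append("startup_folder_drop")
    return tags


def scan(lines):
    """Map each image to the set of behaviour tags its events triggered."""
    per_image = {}
    for line in lines:
        ev = parse_event(line)
        for tag in classify(ev):
            per_image.setdefault(ev["image"], set()).add(tag)
    return per_image


def tag_counts(lines):
    """Number of events matching each tag (shows how noisy Run keys are)."""
    counts = Counter()
    for line in lines:
        counts.update(classify(parse_event(line)))
    return counts


def suspicious_images(lines, min_tags=2):
    """Images showing at least `min_tags` distinct behaviours.  Requiring
    more than one avoids alerting on every legitimate Run key write."""
    return {img for img, tags in scan(lines).items() if len(tags) >= min_tags}


if __name__ == "__main__":
    for img, tags in scan(SAMPLE_EVENTS).items():
        print(img, sorted(tags))
    print("suspicious:", suspicious_images(SAMPLE_EVENTS))
```

On the constructed input only javaw.exe crosses the two-behaviour threshold: it reads the Geo\Nation value, writes a .jar into the Startup folder and registers a Run key that relaunches the jar, while svchost.exe's Run key write is left alone.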
MITRE ATT&CK Enterprise v15
Execution
  Command and Scripting Interpreter (1)
    JavaScript (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)