General
-
Target
19fff8df6f516a8f4238e8da59950d1a29d8eb9c709be012aa6b7c1d100e0c8a.jar
-
Size
400KB
-
Sample
240807-bhzetawfjj
-
MD5
906e5517af46030a70c411c841208ad6
-
SHA1
caecf91a468e492694e54be1f00dd67407c33734
-
SHA256
19fff8df6f516a8f4238e8da59950d1a29d8eb9c709be012aa6b7c1d100e0c8a
-
SHA512
57d081e206ff4f7fb8558c573f323fbce4f132062c714dcb576b96abf03fa37c98f1beae54f12af9cd6fff2abd4321985eae6dbc02c190aa0f7576f6d3b12972
-
SSDEEP
12288:aRrWHTQ5a9ZVDBotv7V3JZCjc9NP9iNSe:aNSTQ5EuJ5vP9QR
Static task
static1
Behavioral task
behavioral1
Sample
19fff8df6f516a8f4238e8da59950d1a29d8eb9c709be012aa6b7c1d100e0c8a.jar
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
19fff8df6f516a8f4238e8da59950d1a29d8eb9c709be012aa6b7c1d100e0c8a.jar
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
19fff8df6f516a8f4238e8da59950d1a29d8eb9c709be012aa6b7c1d100e0c8a.jar
Score
10/10
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1
Registry Run Keys / Startup Folder
1
Scheduled Task/Job
1
Scheduled Task
1