General

  • Target

    42b99bbf0961d2c5a4dfeeea07f85733eed2ce2f5571904453ae56c4e6e90c7f.jar

  • Size

    400KB

  • Sample

    240821-bw2gbstcqd

  • MD5

    f6b06af9e65718cfa313431a653f4663

  • SHA1

    b4ee8f08a515201ad692c2252f8259611ae245a3

  • SHA256

    42b99bbf0961d2c5a4dfeeea07f85733eed2ce2f5571904453ae56c4e6e90c7f

  • SHA512

    989f546273b1ed0beabb85de886c0edf24f95f605a1c33c0457e900af4f86100b27398dc94a2fdc5b99c5075755d13a75e3535c6912350efaaf6d1077ce21a63

  • SSDEEP

    12288:WXN+HTi58brPDRsjv7L35TCjcjNP9iNau:WdaTi5SCnpnP9Qx

Malware Config

Targets

    • Target

      42b99bbf0961d2c5a4dfeeea07f85733eed2ce2f5571904453ae56c4e6e90c7f.jar

    • Size

      400KB

    • MD5

      f6b06af9e65718cfa313431a653f4663

    • SHA1

      b4ee8f08a515201ad692c2252f8259611ae245a3

    • SHA256

      42b99bbf0961d2c5a4dfeeea07f85733eed2ce2f5571904453ae56c4e6e90c7f

    • SHA512

      989f546273b1ed0beabb85de886c0edf24f95f605a1c33c0457e900af4f86100b27398dc94a2fdc5b99c5075755d13a75e3535c6912350efaaf6d1077ce21a63

    • SSDEEP

      12288:WXN+HTi58brPDRsjv7L35TCjcjNP9iNau:WdaTi5SCnpnP9Qx

    • STRRAT

      STRRAT is a remote access tool than can steal credentials and log keystrokes.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks