General

  • Target

    proof of payment.jar

  • Size

    124KB

  • Sample

    240821-erx5wszajh

  • MD5

    9b6b8d9e9c4a78a56dd7f3ff3910d123

  • SHA1

    063bc159f1a611329e1713b4dd464589311f4ac4

  • SHA256

    7a85be46c2ea87761f8453850accabed698b20ae24994e3f36a9d4fa4b34e1ad

  • SHA512

    4a0980b766efb187a4869685bb986f20111268282f80da1c287cbbadb50e6eaba8d2ce46733e627530826d367a13d5351f08eabe48830445925ddbd3be189026

  • SSDEEP

    3072:DqZlIC+q92TZzGmr3EyyF5cRAzDLmiLqnp8559FX:exT2ZDDExDLFenG3FX

Malware Config

Targets

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks