General

  • Target

    c3b27ba76af8fec666012c88a8c7a72a428315d8d475b7cf8a4e2e2b6e8b20cf.jar

  • Size

    400KB

  • Sample

    240822-mw29eawapm

  • MD5

    247581cc28bdbd4d432669ca5d588163

  • SHA1

    da0fb4d2b9659436cdad587689a26600aa52fe20

  • SHA256

    c3b27ba76af8fec666012c88a8c7a72a428315d8d475b7cf8a4e2e2b6e8b20cf

  • SHA512

    68281c5c48f0333943d24ad9d1e54196dbe809d43e3f9a170ee22cfc7b51350be001f7a68285e33752684ca00568419442c6bc05994f78e56bb32338e2f024e8

  • SSDEEP

    12288:QQeEHTT5f4YEDBA8v7m3zaWLckXP9iN43:QJgTT59ISjFP9Qu

Malware Config

Targets

    • Target

      c3b27ba76af8fec666012c88a8c7a72a428315d8d475b7cf8a4e2e2b6e8b20cf.jar

    • Size

      400KB

    • MD5

      247581cc28bdbd4d432669ca5d588163

    • SHA1

      da0fb4d2b9659436cdad587689a26600aa52fe20

    • SHA256

      c3b27ba76af8fec666012c88a8c7a72a428315d8d475b7cf8a4e2e2b6e8b20cf

    • SHA512

      68281c5c48f0333943d24ad9d1e54196dbe809d43e3f9a170ee22cfc7b51350be001f7a68285e33752684ca00568419442c6bc05994f78e56bb32338e2f024e8

    • SSDEEP

      12288:QQeEHTT5f4YEDBA8v7m3zaWLckXP9iN43:QJgTT59ISjFP9Qu

    • STRRAT

      STRRAT is a remote access tool than can steal credentials and log keystrokes.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks