General
-
Target
d32fd7b9dae043243301bc041980215535fd5208e252c3aec703d43fb1c98ec2.jar
-
Size
282KB
-
Sample
240924-mxybvavgmg
-
MD5
085b0d7b2ab0862abe65c54e50e25415
-
SHA1
c7c215b0a6fb35394ac65ecf2179a8cba70b0164
-
SHA256
d32fd7b9dae043243301bc041980215535fd5208e252c3aec703d43fb1c98ec2
-
SHA512
b23377f973c5c576f04305613d98cfb1a0053ae7239acfe7f6e1a6b7554cf231fbe46caa18db4787e6d59798148e904599d5d2f60863e25d9b1a474ad88f801f
-
SSDEEP
6144:dBG0lV3jUa3QKplCNuVpfgtSUjH2y5Mobu/uHYNUSG:1lV34sQKpl7VVgB2OM1W4N5G
Malware Config
Targets
-
-
Target
d32fd7b9dae043243301bc041980215535fd5208e252c3aec703d43fb1c98ec2.jar
-
Size
282KB
-
MD5
085b0d7b2ab0862abe65c54e50e25415
-
SHA1
c7c215b0a6fb35394ac65ecf2179a8cba70b0164
-
SHA256
d32fd7b9dae043243301bc041980215535fd5208e252c3aec703d43fb1c98ec2
-
SHA512
b23377f973c5c576f04305613d98cfb1a0053ae7239acfe7f6e1a6b7554cf231fbe46caa18db4787e6d59798148e904599d5d2f60863e25d9b1a474ad88f801f
-
SSDEEP
6144:dBG0lV3jUa3QKplCNuVpfgtSUjH2y5Mobu/uHYNUSG:1lV34sQKpl7VVgB2OM1W4N5G
Score10/10-
STRRAT
STRRAT is a remote access tool than can steal credentials and log keystrokes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1JavaScript
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1