Overview

overview

10

Static

static

1

0f359450e3...06.jar

windows7-x64

1

0f359450e3...06.jar

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0f359450e399eff8b4b9ae323a4e7a6569426735f3824a13756972f1b10d2606.jar

  • Size

    481KB

  • Sample

    240603-bc68gadd91

  • MD5

    2820aab595357470035ace68dcb120ca

  • SHA1

    3954643aaa5dde5ee8079728905843cd175e9e84

  • SHA256

    0f359450e399eff8b4b9ae323a4e7a6569426735f3824a13756972f1b10d2606

  • SHA512

    b57d9025095815761dc267f0731e55fae41bea3becb134e1e5e9649f67ff5fb423ad0b36206a861b179b8053973188e1ebe39ad3076fed481811f1fd8a775ab6

  • SSDEEP

    12288:yVlmvKeQSPE8hj7oxFQRb5hzxCOJpk8FiWhKc9:yHmvlnnoMlckiWp

Score
10/10
strratcollectiondiscoverypersistencestealertrojan

Malware Config

Targets

    • Target

      0f359450e399eff8b4b9ae323a4e7a6569426735f3824a13756972f1b10d2606.jar

    • Size

      481KB

    • MD5

      2820aab595357470035ace68dcb120ca

    • SHA1

      3954643aaa5dde5ee8079728905843cd175e9e84

    • SHA256

      0f359450e399eff8b4b9ae323a4e7a6569426735f3824a13756972f1b10d2606

    • SHA512

      b57d9025095815761dc267f0731e55fae41bea3becb134e1e5e9649f67ff5fb423ad0b36206a861b179b8053973188e1ebe39ad3076fed481811f1fd8a775ab6

    • SSDEEP

      12288:yVlmvKeQSPE8hj7oxFQRb5hzxCOJpk8FiWhKc9:yHmvlnnoMlckiWp

    Score
    10/10
    strratcollectiondiscoverypersistencestealertrojan

    • STRRAT

      STRRAT is a remote access tool than can steal credentials and log keystrokes.

      trojanstealerstrrat

    • Drops startup file

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Accesses Microsoft Outlook profiles

      collection

    • Adds Run key to start application

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Scheduled Task/Job

1
T1053

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Scheduled Task/Job

1
T1053

Defense Evasion

File and Directory Permissions Modification

1
T1222

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks