General

  • Target

    93f87692f2bd136ae6f3e40aa934a99867701379a44c8a56138de475240f80b6

  • Size

    475KB

  • Sample

    240604-dtg11sca47

  • MD5

    ade1c8f136a1ec983c7c91ad43b43b23

  • SHA1

    710fa10bd10405eee487312f350e6ae2341e192c

  • SHA256

    93f87692f2bd136ae6f3e40aa934a99867701379a44c8a56138de475240f80b6

  • SHA512

    9470b51c018873b0af2be5c2103cf1d5e9aea563de909d498cc2a4df924f928cb4bb71578718a9ed41404f58ce6312cda56b8b51e1892d751442cf0126b9305b

  • SSDEEP

    6144:agrwNvgynuIQ7EhLvVpZwLdS8EdkPwIseCG2lN02JdaCWBzz4GD4oYGsyrObzKZ:gYKuIQ2LvdMdSpWwVvlKFtBz/D4VbeOE

Malware Config

Targets

    • Target

      0f359450e399eff8b4b9ae323a4e7a6569426735f3824a13756972f1b10d2606.jar

    • Size

      481KB

    • MD5

      2820aab595357470035ace68dcb120ca

    • SHA1

      3954643aaa5dde5ee8079728905843cd175e9e84

    • SHA256

      0f359450e399eff8b4b9ae323a4e7a6569426735f3824a13756972f1b10d2606

    • SHA512

      b57d9025095815761dc267f0731e55fae41bea3becb134e1e5e9649f67ff5fb423ad0b36206a861b179b8053973188e1ebe39ad3076fed481811f1fd8a775ab6

    • SSDEEP

      12288:yVlmvKeQSPE8hj7oxFQRb5hzxCOJpk8FiWhKc9:yHmvlnnoMlckiWp

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Drops startup file

    • Loads dropped DLL

    • Modifies file permissions

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

Execution

  • Scheduled Task/Job (T1053): 1

Persistence

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

  • Scheduled Task/Job (T1053): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

  • Scheduled Task/Job (T1053): 1

Defense Evasion

  • File and Directory Permissions Modification (T1222): 1

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 1

Tasks