General

  • Target

    eae69705ed61be5ff9feac833744b9a959d0ac6926374688ec16bbd2d388e922.jar

  • Size

    448KB

  • Sample

    240611-b1r4fszdlj

  • MD5

    65461b02a5858ed5815974518cf5029e

  • SHA1

    645ef883b4799c9abab2a9691369551e1c20fb75

  • SHA256

    eae69705ed61be5ff9feac833744b9a959d0ac6926374688ec16bbd2d388e922

  • SHA512

    903fbfd221e924d75c9586b80141da74288b7996fbf3e27d1b8c22d83ab60cec3101616d80cd5159e79033df2abd2d72ee0fc50c396e818ce35b1a3b3e5e7d93

  • SSDEEP

    12288:MG5PgziyrEC28Cab2WJK6PUNSbGTwKp45:2GyQC28CadJ/PYSbyFo

Malware Config

Targets

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Drops startup file

    • Loads dropped DLL

    • Modifies file permissions

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution

    • Scheduled Task/Job (1): T1053

  • Persistence

    • Boot or Logon Autostart Execution (1): T1547

      • Registry Run Keys / Startup Folder (1): T1547.001

    • Scheduled Task/Job (1): T1053

  • Privilege Escalation

    • Boot or Logon Autostart Execution (1): T1547

      • Registry Run Keys / Startup Folder (1): T1547.001

    • Scheduled Task/Job (1): T1053

  • Defense Evasion

    • File and Directory Permissions Modification (1): T1222

    • Modify Registry (1): T1112

  • Discovery

    • Query Registry (1): T1012

Tasks