adwind | e4bc1b6f2e541e90a1ed736284d2e383fcb739f10466b1fdd390211e01ed4dae | Triage

Submit
Reports

Overview

overview

Static

static

e4bc1b6f2e...ae.jar

windows7-x64

3

e4bc1b6f2e...ae.jar

windows10-2004-x64

Resubmissions

21-06-2024 17:49

240621-wea82ayeph 10

09-06-2024 09:22

240609-lb4fasgf3w 10

Sharing

General

Target

e4bc1b6f2e541e90a1ed736284d2e383fcb739f10466b1fdd390211e01ed4dae.jar
Size

123KB
Sample

240621-wea82ayeph
MD5

6a6bcf5dbe9ee0e68969958ca3565122
SHA1

c515cd6309bdff8f1b7b996f0846eae3ea27b768
SHA256

e4bc1b6f2e541e90a1ed736284d2e383fcb739f10466b1fdd390211e01ed4dae
SHA512

2dc5021ce4e033a1ae67ec2905b3acb7b237c3a00bebe54b030f461675ceb570e738743348a889ea3400b7d01e6261edb5d835c4759914960ae29cbba98a00a6
SSDEEP

3072:4+1ksmuRo+BmpH7Rx/inqhzlE0EP5vdRGXVIJeouw:2sHbmpRgnqhzPEP5vbGXiuw

Score

10^/10

adwind strrat discovery execution persistence stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

e4bc1b6f2e541e90a1ed736284d2e383fcb739f10466b1fdd390211e01ed4dae.jar

Resource

win7-20240221-en

windows7-x64

3 signatures

300 seconds

Behavioral task

behavioral2

Sample

e4bc1b6f2e541e90a1ed736284d2e383fcb739f10466b1fdd390211e01ed4dae.jar

Resource

win10v2004-20240611-en

strrat discovery execution persistence stealer trojan

windows10-2004-x64

23 signatures

300 seconds

Malware Config

Targets

- Target
  
  e4bc1b6f2e541e90a1ed736284d2e383fcb739f10466b1fdd390211e01ed4dae.jar
- Size
  
  123KB
- MD5
  
  6a6bcf5dbe9ee0e68969958ca3565122
- SHA1
  
  c515cd6309bdff8f1b7b996f0846eae3ea27b768
- SHA256
  
  e4bc1b6f2e541e90a1ed736284d2e383fcb739f10466b1fdd390211e01ed4dae
- SHA512
  
  2dc5021ce4e033a1ae67ec2905b3acb7b237c3a00bebe54b030f461675ceb570e738743348a889ea3400b7d01e6261edb5d835c4759914960ae29cbba98a00a6
- SSDEEP
  
  3072:4+1ksmuRo+BmpH7Rx/inqhzlE0EP5vdRGXVIJeouw:2sHbmpRgnqhzPEP5vbGXiuw
Score

10^/10

execution strrat discovery persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

strratdiscoveryexecutionpersistencestealertrojan

© 2018-2024

Terms | Privacy