General

  • Target

    74143635_by_Libranalysis

  • Size

    116KB

  • Sample

    210524-cravm1cmqa

  • MD5

    74143635e4ccd866da6da37710e828c0

  • SHA1

    ea4892ef439b805ce0c8dc477cbb324b66a74d57

  • SHA256

    fcc120cbbbf66a71a9c0e82d20ecfc6c5721b8ccb806755126c321545fd98d38

  • SHA512

    994fd142fda9cc83f15368c6a8793b94099b8ba186f6bd1a5365dbfe6f5308ded20cd2d32eb8bdec3dbdb00d600d67c90512381fb99f2a69b1db4fa3043875d0

Malware Config

Targets

    • Target

      74143635_by_Libranalysis

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix ATT&CK v6

  • Execution

    Scheduled Task (T1053): 1

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

    Scheduled Task (T1053): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    System Information Discovery (T1082): 1

Tasks