General

  • Target

    Proof of payment.js

  • Size

    182KB

  • Sample

    211116-mkyrvadcc8

  • MD5

    f6f383f83197dcd81059162d814d811c

  • SHA1

    520b5a85eaf292084572e48c61c2f58099c48e8a

  • SHA256

    2cb04cb6813e7b758f1fc21bb33866d83d39ddce040ec40145ec00da799afa9e

  • SHA512

    f969adb29ddcd7260439d169fb2abf6d31d9f39d4afed150c5307a4243efa5313231729a0301238294c65584ec4576d70a283cad0bfb7fc521b302dff59bcfc8

Malware Config

Targets

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks