General

  • Target

    Purchase Order.js

  • Size

    182KB

  • Sample

    211117-hcxscseedk

  • MD5

    8826c639ae62bff0d5dd539b27e644be

  • SHA1

    361925a599cd93ecdccbaa198259e867c6149642

  • SHA256

    164adfc0ca7532418e87f0ddc2d511b2cd301883453848614d0d32ab3b407ae0

  • SHA512

    4e76f4e72c2cc8bbe06ed4b4faba04bccb22999327f27d38ba6e988d366881fb0b56728b11fffa4b677f7829c7cb6a3daf94e857eb0c1cfa7570ffc11d60238a

Malware Config

Targets

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • suricata: ET MALWARE STRRAT CnC Checkin

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks