General

  • Target

    Request For Quotation.js

  • Size

    184KB

  • Sample

    211119-x2pwdaedc9

  • MD5

    03f4c561554cab5c5e5f7dbf9e57f7ce

  • SHA1

    9c9eed80f5cc2f86e1b62ecf888dfa0f4b71516e

  • SHA256

    028a2581fc23163d20adea0679aa5473f04630850ea0fc122e73926ec8cb20bb

  • SHA512

    cc217b2e40850d5ff07f4f5087d4394bf52d25c9346ab3b2de3f4df572b1fb6520ebe29058e965313146dbe5daeecaf2d98424c7a1861743f994e6382c328891

Targets

    • Target

      Request For Quotation.js

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
