General

  • Target

    Request For Quotation.js

  • Size

    184KB

  • Sample

    211122-mbc4safcbl

  • MD5

    b4949dfc80ee8cbd5c4f20d1373b34b1

  • SHA1

    c443ad02af650812265fdf0bcab2e85e7f32f163

  • SHA256

    052466314dfe1df7058cbe5ced05cbfa501784b43ade230ada53274270cd563f

  • SHA512

    a3b863e154b814b45b56d0a3ae3f2a8c87f37fa234f5cf06def6e12c6062bebfe90f7d39cb00ec0ddf9adb5f94b8fe1d180386330bab7a80e6ded7de92d4c19d

Malware Config

Targets

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • suricata: ET MALWARE STRRAT CnC Checkin

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
