General

  • Target

    ratd.js

  • Size

    881KB

  • Sample

    211125-pztsjsaeg3

  • MD5

    57f40bda9c26cac45157ae7502cceecd

  • SHA1

    6af4aa184cb1eb93feb2f3c75cd482fab518c316

  • SHA256

    026b19fdc75b76cd696be8a3447a5d23a944a7f99000e7fae1fa3f6148913ff3

  • SHA512

    a5837bb0f0e5cc386edb10109a5e1112e97907566073195b04227f88a50335bf3e65c987d0c11fe49fd617248b02fc386e32fe4837c913cc29c9e421cfc8e662

Targets

    • Target

      ratd.js

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application
