General

  • Target

    Quotation Request.js

  • Size

    182KB

  • Sample

    211126-vkpsyadfcr

  • MD5

    139a802a41a3cf3b519da12477dda186

  • SHA1

    8ad3d729e90795304bd7920e17d3ea8f54f2baf2

  • SHA256

    636cb98f6293e4bebf2cc5ec0bef87f081dd9002ebbc26f0f0253ac7cfb0cee2

  • SHA512

    c044b6d696f79e2bf766a4e0d90c488df1406ccfd327e424c2479d06970a8182041dc6912cf7df11874c88a9ce77ba4ad9d44c034dbdb5287120f4f1212d30b1

Malware Config

Targets

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • suricata: ET MALWARE STRRAT CnC Checkin
    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks