General

  • Target

    PO202104-114.js

  • Size

    202KB

  • Sample

    211202-kmltysddhk

  • MD5

    4f7a5f22ef09e3fd02fc432d51ba12db

  • SHA1

    bc55e8c16a3135feb3a0acb9a0e72e48e59e12df

  • SHA256

    9f3abf6dd5ae995b5e1d5cdd6457ab61a95fa689b5fbac4c57916a547e1d3c5a

  • SHA512

    bd59013fcd969385f455e371b3317a912b1330cd1af87201af863ac0a3f0e8872846b7cf8fccbc87986151f9694393720ee9e7a43933c2c137a0729447513128

Targets

    • Target

      PO202104-114.js

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application
