strrat | 37dea53db80a227936238a3e43a474a48114b3f209cf2d44606735a5cfecf727 | Triage

Submit
Reports

Overview

overview

Static

static

Signed agr...nts.js

windows7_x64

Signed agr...nts.js

windows10_x64

Sharing

General

Target

Signed agreement documents.js
Size

272KB
Sample

211205-h9qejscbbk
MD5

c15a7e48753b74413ffd8c4bedebf689
SHA1

0673e275a19a4f35b09c24941cf9baaae57e3b36
SHA256

37dea53db80a227936238a3e43a474a48114b3f209cf2d44606735a5cfecf727
SHA512

e3d7ed11f895999c564d34aba8ae293dae8ab1e3498f32cdbbb6af828d4550971db2c1ab903315461be58afdb0a8fd1f5a7eeea81869f68d473df32b45c2fde0

Score

10^/10

strrat vjw0rm persistence stealer suricata trojan worm

Static task

static1

Behavioral task

behavioral1

Sample

Signed agreement documents.js

Resource

win7-en-20211104

strrat vjw0rm persistence stealer suricata trojan worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Signed agreement documents.js

Resource

win10-en-20211014

vjw0rm persistence trojan worm

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Signed agreement documents.js
- Size
  
  272KB
- MD5
  
  c15a7e48753b74413ffd8c4bedebf689
- SHA1
  
  0673e275a19a4f35b09c24941cf9baaae57e3b36
- SHA256
  
  37dea53db80a227936238a3e43a474a48114b3f209cf2d44606735a5cfecf727
- SHA512
  
  e3d7ed11f895999c564d34aba8ae293dae8ab1e3498f32cdbbb6af828d4550971db2c1ab903315461be58afdb0a8fd1f5a7eeea81869f68d473df32b45c2fde0
Score

10^/10

strrat vjw0rm persistence stealer suricata trojan worm
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- suricata: ET MALWARE STRRAT CnC Checkin
  suricata: ET MALWARE STRRAT CnC Checkin
  suricata
- Blocklisted process makes network request
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

strratvjw0rmpersistencestealersuricatatrojanworm

behavioral2

vjw0rmpersistencetrojanworm

© 2018-2024

Terms | Privacy