strrat | e817bd6a89f5bc3ee448e3c39e5c4739cf010bb815d087ecdd1b5e1f30c04959 | Triage

Submit
Reports

Overview

overview

Static

static

js-decoded-1.js

windows7_x64

js-decoded-1.js

windows10_x64

Sharing

General

Target

js-decoded-1.js
Size

346KB
Sample

211208-tkyv6sgcc8
MD5

241d3041e2bb264cf886eff9fc3de24e
SHA1

7f3fe68b0ef727fca62441cff8eea28c5cd51941
SHA256

e817bd6a89f5bc3ee448e3c39e5c4739cf010bb815d087ecdd1b5e1f30c04959
SHA512

078b8f61b2afeefdf283d6e8f6b33986fc3500788b8d77e7672fc6aae70221ac140d850f91401a3e65a8996f49b4c9babdabac7071d7ea40adc84c62e9bbddc0

Score

10^/10

strrat vjw0rm persistence stealer trojan worm

Static task

static1

Behavioral task

behavioral1

Sample

js-decoded-1.js

Resource

win7-en-20211208

strrat vjw0rm persistence stealer trojan worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

js-decoded-1.js

Resource

win10-en-20211208

vjw0rm persistence trojan worm

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  js-decoded-1.js
- Size
  
  346KB
- MD5
  
  241d3041e2bb264cf886eff9fc3de24e
- SHA1
  
  7f3fe68b0ef727fca62441cff8eea28c5cd51941
- SHA256
  
  e817bd6a89f5bc3ee448e3c39e5c4739cf010bb815d087ecdd1b5e1f30c04959
- SHA512
  
  078b8f61b2afeefdf283d6e8f6b33986fc3500788b8d77e7672fc6aae70221ac140d850f91401a3e65a8996f49b4c9babdabac7071d7ea40adc84c62e9bbddc0
Score

10^/10

strrat vjw0rm persistence stealer trojan worm
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

strratvjw0rmpersistencestealertrojanworm

behavioral2

vjw0rmpersistencetrojanworm

© 2018-2024

Terms | Privacy