strrat | 85daaa8ff4820b98c0d1471ed68ab675f2fea97f4d6f6f48a951b4344b9c2b38 | Triage

Submit
Reports

Overview

overview

Static

static

New Price ...df.jar

windows7_x64

New Price ...df.jar

windows10-2004_x64

Sharing

General

Target

New Price List For DStv&GOtv.pdf.jar
Size

189KB
Sample

220118-nkgn1aahd4
MD5

b1d6eafab8240680ef96194944ce3801
SHA1

a9b312e682e43b28d28faf6b66c903ba12dfecf5
SHA256

85daaa8ff4820b98c0d1471ed68ab675f2fea97f4d6f6f48a951b4344b9c2b38
SHA512

af2daaccce5c601f4dae45ea51113eb85cb86b055dbba22bfaf131200c5ecf4f29ff66c42ae7bb1d9d6fd893cb715f1c77734f211f296ef91f98c5fa0ac37cf2

Score

10^/10

strrat vjw0rm collection persistence stealer trojan worm

Static task

static1

Behavioral task

behavioral1

Sample

New Price List For DStv&GOtv.pdf.jar

Resource

win7-en-20211208

strrat vjw0rm collection persistence stealer trojan worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

New Price List For DStv&GOtv.pdf.jar

Resource

win10v2004-en-20220112

vjw0rm persistence trojan worm

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  New Price List For DStv&GOtv.pdf.jar
- Size
  
  189KB
- MD5
  
  b1d6eafab8240680ef96194944ce3801
- SHA1
  
  a9b312e682e43b28d28faf6b66c903ba12dfecf5
- SHA256
  
  85daaa8ff4820b98c0d1471ed68ab675f2fea97f4d6f6f48a951b4344b9c2b38
- SHA512
  
  af2daaccce5c601f4dae45ea51113eb85cb86b055dbba22bfaf131200c5ecf4f29ff66c42ae7bb1d9d6fd893cb715f1c77734f211f296ef91f98c5fa0ac37cf2
Score

10^/10

strrat vjw0rm collection persistence stealer trojan worm
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

strratvjw0rmcollectionpersistencestealertrojanworm

behavioral2

vjw0rmpersistencetrojanworm

© 2018-2024

Terms | Privacy