General

  • Target

    e9b5142587dce6f0abef31186ec8dd9f6f1ccd894726fe810c507d01f979ddeb

  • Size

    960KB

  • Sample

    220129-qctppsbfd7

  • MD5

    a6b4a26ccae308f4356ae23a38660e70

  • SHA1

    24229e8a44f4e70264b4d0b8e84e18feac75a8c9

  • SHA256

    e9b5142587dce6f0abef31186ec8dd9f6f1ccd894726fe810c507d01f979ddeb

  • SHA512

    7b65e6b430f2980e033241fe11866b079a62968e9abbc10c536347ca9143b069a34c54c17d188772e9ca5c367519dd4e7be4a056138235308deb8d0ed082ff05

Targets

    • Target

      e9b5142587dce6f0abef31186ec8dd9f6f1ccd894726fe810c507d01f979ddeb

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
