General

  • Target

    Quotation Request.js

  • Size

    181KB

  • Sample

    220131-pdrfashbap

  • MD5

    e86e3a4aebec2173b1e54cb271a039e0

  • SHA1

    8f7704e3969242a70e9045cdfd7562b5b6d22744

  • SHA256

    5e966d0928d400be84979c4b695e548f4cc47e5aa377ed2ea816a5ddfd9233f4

  • SHA512

    97c53eccb63fb43197bd27666e57036f05a615c68ec1f2cf39ccf9cfe01d2f509aad10d1b793e032629e7dc497faeee5f6b3834776d7b82c1848a1f7ec3904b2

Score
10/10

Targets

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL
