General

  • Target

    Quotation Request.js

  • Size

    183KB

  • Sample

    220203-rs2kxsadc3

  • MD5

    3d4ab933250ad59e4985ce38205d7d13

  • SHA1

    fb52a5d609172ad9f8bcdbd6ff37f032fd5467f3

  • SHA256

    1ca90605b8cd8b9a919aefd274dbb31086632c6006cbb7a219d5b8a3e8aa7c38

  • SHA512

    1aabad45bafc67ceaf91cac27608e543e4c1e775472b0e042cf135fe922f0e86818dc4967090c5e3a60229e2ce8c6c9c5a1928766b098f127319e4a7b7cae564

Targets

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Sets service image path in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application
