General

  • Target

    Febuary-Document_payment.js

  • Size

    495KB

  • Sample

    220211-k8233acdh5

  • MD5

    ae465d152f8a9464d3f4905d78c9a0d8

  • SHA1

    f79bdcaa2a3bf7524a0e3ef9de2929c51bc1d4bc

  • SHA256

    aaf3e41863060ec381e83082b8cd74e0e105a148f4bc258f5c39f9c91aa8fde7

  • SHA512

    3f74e5162e37517ddd1f83f84942b93c0ba80c858ec69c1fc27ee39c4598372f0f6b4399e1672cc433bdd3d917dd085816b9770bfeda31bf8404837022be4151

Malware Config

Targets

    • Target

      Febuary-Document_payment.js

    • Size

      495KB

    • MD5

      ae465d152f8a9464d3f4905d78c9a0d8

    • SHA1

      f79bdcaa2a3bf7524a0e3ef9de2929c51bc1d4bc

    • SHA256

      aaf3e41863060ec381e83082b8cd74e0e105a148f4bc258f5c39f9c91aa8fde7

    • SHA512

      3f74e5162e37517ddd1f83f84942b93c0ba80c858ec69c1fc27ee39c4598372f0f6b4399e1672cc433bdd3d917dd085816b9770bfeda31bf8404837022be4151

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks