General

  • Target

    PO_Specification.js

  • Size

    181KB

  • Sample

    220211-wqa3eaeehm

  • MD5

    6357af083ae61f13806b6769da9db784

  • SHA1

    a3697d500b21f73d76e0ff69bc66033a8fb80320

  • SHA256

    26afa1425ca112c0ed5e2cfb389a788070e796c0a36c69ddcaec6f80c4f51e11

  • SHA512

    c6d90506eb43c1bf956c6ab4f1622ce120569cb347851e964074a46724d721288cb05b61cc22584a09f89e48f2b6b95b02d510fbee71caadfe83728a5ddf370b

Malware Config

Targets

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • suricata: ET MALWARE STRRAT CnC Checkin

      suricata: ET MALWARE STRRAT CnC Checkin

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks