General

  • Target

    b6d25ecb0051db174e07044f9b2769d8d01fbec8f1cd226c80060b4989353ec5

  • Size

    130KB

  • Sample

    220212-e6ypzahegk

  • MD5

    c7b142125eb1c8e9f792c5e03b779690

  • SHA1

    7fb3be06c9f6422e33fe43630e6ff9605a7c22a4

  • SHA256

    845e28a72ea5103fb6872fab1f89369738b9b745fd20fdac2acf62f032ec9719

  • SHA512

    0f720d6281589a91487e6474cfed58df4d56d9a776b65fd9765ff9963edf7bfe8e3bf4662876b7f9a040849c29ef66da2468e82b4f5a91df636f16e2b8916d05

Malware Config

Targets

    • Target

      invoice.js

    • Size

      495KB

    • MD5

      b11a07d2eac8ae65cc7a5f02aacd782b

    • SHA1

      f2d001616c1deeeba49500650a419ac417319f5e

    • SHA256

      9c162d9c78f7890b3bea82f582c668c9805a926e67bf162f69a65137c524d048

    • SHA512

      1c8cf2c08d2340253739877d1e42372f1809a3b1dc50388351b28ad15458cf2c725703336f67fe50c1e650e7876135e0e0ca375cf53bb23175bdcd7f4c5778d8

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks