General

  • Target

    finanace_document.js

  • Size

    124KB

  • Sample

    220217-fbpn9ahba7

  • MD5

    7894001787374e3ea1c3380f0a37523e

  • SHA1

    d0fb6995f15f2c8c980f07e94ed4041fe9a18316

  • SHA256

    ff09ee281033a47f148aab892fd3edefcf4b03f3f1e4b47b0d0e35df3e3ac7ce

  • SHA512

    d74308064a0baba37c3baf612591c18efff57d37f7fd1efa8cf35a69b9066134a70a6f8e34d4b832b66cfff6d780ba76c63e8ba312fc76e15fb8fb98d29f2ae8

Malware Config

Targets

    • Target

      finanace_document.js

    • Size

      124KB

    • MD5

      7894001787374e3ea1c3380f0a37523e

    • SHA1

      d0fb6995f15f2c8c980f07e94ed4041fe9a18316

    • SHA256

      ff09ee281033a47f148aab892fd3edefcf4b03f3f1e4b47b0d0e35df3e3ac7ce

    • SHA512

      d74308064a0baba37c3baf612591c18efff57d37f7fd1efa8cf35a69b9066134a70a6f8e34d4b832b66cfff6d780ba76c63e8ba312fc76e15fb8fb98d29f2ae8

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks