General

  • Target

    nuccxfqtsg.js

  • Size

    754KB

  • Sample

    220309-wzbejabdd8

  • MD5

    46bcdb320f406ee06ae854e27b2d429d

  • SHA1

    3a06a41dcc923a0cf9147041927ae411073dc48d

  • SHA256

    fe9990f26b3ba4a65058bd83c8ff20144123a98c2d0f488c3f73cdf81ff43a07

  • SHA512

    d45eddf5c8ead2db1107e905e722d86ad310b9e6a8659a544430f9eb32c10697a266e1226cf7a2ab6e3dbefca235db2c5f04ed059f74cdc39d18a1f67036b134

Targets

    • Target

      nuccxfqtsg.js

    • Size

      754KB

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application
