General
-
Target
RFQ- Ref. No. MS-DGP-220137.js
-
Size
375KB
-
Sample
220620-larecaebe7
-
MD5
522a31506ef88ce5bff4b179b11a9a4e
-
SHA1
24c6896ce449bd32acc6827247b14f5c51ae9f71
-
SHA256
db0307c145bf8f940b790830d5ade8fd7bb6bac5dfc482a0d2eda2097ba24246
-
SHA512
02ca78bd2121f5d94e282af76beee1c292871eb9e22ab90474230de7565b4199682df14295100b7144c2cbd3940a2a5e23ce066e7dbd3b34dba65378af8843ce
Malware Config
Targets
-
-
Target
RFQ- Ref. No. MS-DGP-220137.js
-
Size
375KB
-
MD5
522a31506ef88ce5bff4b179b11a9a4e
-
SHA1
24c6896ce449bd32acc6827247b14f5c51ae9f71
-
SHA256
db0307c145bf8f940b790830d5ade8fd7bb6bac5dfc482a0d2eda2097ba24246
-
SHA512
02ca78bd2121f5d94e282af76beee1c292871eb9e22ab90474230de7565b4199682df14295100b7144c2cbd3940a2a5e23ce066e7dbd3b34dba65378af8843ce
Score10/10-
STRRAT
STRRAT is a remote access tool than can steal credentials and log keystrokes.
-
Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
-
suricata: ET MALWARE STRRAT CnC Checkin
suricata: ET MALWARE STRRAT CnC Checkin
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-