strrat | 12ca249e9fa5ed956d072ec466416fe50cf35c4c6c481ce19e07a52ef31e1a8a | Triage

Submit
Reports

Overview

overview

Static

static

????????? ...137.js

windows7_x64

????????? ...137.js

windows10-2004_x64

Sharing

General

Target

????????? ?? ?????? Ref. No. MS-DGP-220137.js
Size

375KB
Sample

220620-lz275sedc8
MD5

b34c9083eed5a3f38346fa1bf618745e
SHA1

bdd94f1f3509a6507b280d06a240c2df1c5a37e6
SHA256

12ca249e9fa5ed956d072ec466416fe50cf35c4c6c481ce19e07a52ef31e1a8a
SHA512

347bebc6d34a940423af01ac145c6e78555ba606a80af66973bf9ab9f73f23760fc0e27569ae15df7c5f3e53cc14f8889a00d38860f3255ca0868c8196f6763b

Score

10^/10

strrat vjw0rm persistence stealer suricata trojan worm

Static task

static1

Behavioral task

behavioral1

Sample

????????? ?? ?????? Ref. No. MS-DGP-220137.js

Resource

win7-20220414-en

strrat vjw0rm persistence stealer suricata trojan worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

????????? ?? ?????? Ref. No. MS-DGP-220137.js

Resource

win10v2004-20220414-en

vjw0rm persistence trojan worm

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  ????????? ?? ?????? Ref. No. MS-DGP-220137.js
- Size
  
  375KB
- MD5
  
  b34c9083eed5a3f38346fa1bf618745e
- SHA1
  
  bdd94f1f3509a6507b280d06a240c2df1c5a37e6
- SHA256
  
  12ca249e9fa5ed956d072ec466416fe50cf35c4c6c481ce19e07a52ef31e1a8a
- SHA512
  
  347bebc6d34a940423af01ac145c6e78555ba606a80af66973bf9ab9f73f23760fc0e27569ae15df7c5f3e53cc14f8889a00d38860f3255ca0868c8196f6763b
Score

10^/10

strrat vjw0rm persistence stealer suricata trojan worm
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- suricata: ET MALWARE STRRAT CnC Checkin
  suricata: ET MALWARE STRRAT CnC Checkin
  suricata
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

strratvjw0rmpersistencestealersuricatatrojanworm

behavioral2

vjw0rmpersistencetrojanworm

© 2018-2024

Terms | Privacy