strrat | 5d5080676044d6feec7830dfa7d1cfa28edd7f9948d8489018f040a65416b7b5 | Triage

Submit
Reports

Overview

overview

Static

static

Purchase I...947.js

windows7_x64

Purchase I...947.js

windows10-2004_x64

Sharing

General

Target

Purchase Inquiry #210620220947.js
Size

456KB
Sample

220621-k8hdnaehd3
MD5

d7b9dd8c8988e35424c930b6f14a8472
SHA1

8ef48daf0ae415b98a947793462cbb4b9440314e
SHA256

5d5080676044d6feec7830dfa7d1cfa28edd7f9948d8489018f040a65416b7b5
SHA512

f61635a50dc82aeb59bf5e68fd6b149526ae0c7c0dfb6b628cba69a7f353fc77b687e237dde3d18c13c3d2e9d7b493658548081942c2dd485dd1d9ec557ae4ad

Score

10^/10

strrat vjw0rm persistence stealer suricata trojan worm

Static task

static1

Behavioral task

behavioral1

Sample

Purchase Inquiry #210620220947.js

Resource

win7-20220414-en

strrat vjw0rm persistence stealer suricata trojan worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Purchase Inquiry #210620220947.js

Resource

win10v2004-20220414-en

strrat vjw0rm persistence stealer suricata trojan worm

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Purchase Inquiry #210620220947.js
- Size
  
  456KB
- MD5
  
  d7b9dd8c8988e35424c930b6f14a8472
- SHA1
  
  8ef48daf0ae415b98a947793462cbb4b9440314e
- SHA256
  
  5d5080676044d6feec7830dfa7d1cfa28edd7f9948d8489018f040a65416b7b5
- SHA512
  
  f61635a50dc82aeb59bf5e68fd6b149526ae0c7c0dfb6b628cba69a7f353fc77b687e237dde3d18c13c3d2e9d7b493658548081942c2dd485dd1d9ec557ae4ad
Score

10^/10

strrat vjw0rm persistence stealer suricata trojan worm
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- suricata: ET MALWARE STRRAT CnC Checkin
  suricata: ET MALWARE STRRAT CnC Checkin
  suricata
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

strratvjw0rmpersistencestealersuricatatrojanworm

behavioral2

strratvjw0rmpersistencestealersuricatatrojanworm

© 2018-2024

Terms | Privacy