General
-
Target
Faktura 22062022105025.js
-
Size
453KB
-
Sample
220622-sq44pscca3
-
MD5
e0ee6501ff7c833e22e405f0a3add213
-
SHA1
bb2685e7c70428de5848f1b1f53d5b687b9610f8
-
SHA256
5e691b3588f4bcffbe60656a23ee0bb46081c4b7d18d0f600af6508a2dcf7768
-
SHA512
f3c6eae4a7b33e86c167d2fb3cef9437bb3d3f9beee3c105e4693facca06b38e60322f0e285b2b1d9753d42c1450ff9d5302365c3d81e28f6687bf707a49bdf4
Malware Config
Targets
-
-
Target
Faktura 22062022105025.js
-
Size
453KB
-
MD5
e0ee6501ff7c833e22e405f0a3add213
-
SHA1
bb2685e7c70428de5848f1b1f53d5b687b9610f8
-
SHA256
5e691b3588f4bcffbe60656a23ee0bb46081c4b7d18d0f600af6508a2dcf7768
-
SHA512
f3c6eae4a7b33e86c167d2fb3cef9437bb3d3f9beee3c105e4693facca06b38e60322f0e285b2b1d9753d42c1450ff9d5302365c3d81e28f6687bf707a49bdf4
Score10/10-
STRRAT
STRRAT is a remote access tool than can steal credentials and log keystrokes.
-
Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
-
suricata: ET MALWARE STRRAT CnC Checkin
suricata: ET MALWARE STRRAT CnC Checkin
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-