strrat | 0a19ba2af0a2c3b6bdb5c7265439185093c1f6e8128338b7d566e3a15cc8b193 | Triage

Sharing

General

Target

0a19ba2af0a2c3b6bdb5c7265439185093c1f6e8128338b7d566e3a15cc8b193.js
Size

3.3MB
Sample

230215-xkbx7adb5y
MD5

31ab51d7763f4f5ad28694ed48facfd3
SHA1

a30f977582468ee7cb1857e126dfef4ea741c661
SHA256

0a19ba2af0a2c3b6bdb5c7265439185093c1f6e8128338b7d566e3a15cc8b193
SHA512

f25fd376bf29b214bf3442a1abbed58c0d39f82cf9fbd6e101ea54f37c73784a896a3d13794ab3c383977856c76fd75d79059bfe9db646ed85a31fe0b9a21c05
SSDEEP

6144:RAAAlAAAR2AAADAAAAPOAAAqAAAJAAA6NAAAs6HAAAWAAAAAJK3AAAA0eAAAA1AX:UByMBLiHMuSYL

Score

10^/10

strrat vjw0rm persistence stealer trojan worm

Malware Config

Targets

- Target
  
  0a19ba2af0a2c3b6bdb5c7265439185093c1f6e8128338b7d566e3a15cc8b193.js
- Size
  
  3.3MB
- MD5
  
  31ab51d7763f4f5ad28694ed48facfd3
- SHA1
  
  a30f977582468ee7cb1857e126dfef4ea741c661
- SHA256
  
  0a19ba2af0a2c3b6bdb5c7265439185093c1f6e8128338b7d566e3a15cc8b193
- SHA512
  
  f25fd376bf29b214bf3442a1abbed58c0d39f82cf9fbd6e101ea54f37c73784a896a3d13794ab3c383977856c76fd75d79059bfe9db646ed85a31fe0b9a21c05
- SSDEEP
  
  6144:RAAAlAAAR2AAADAAAAPOAAAqAAAJAAA6NAAAs6HAAAWAAAAAJK3AAAA0eAAAA1AX:UByMBLiHMuSYL
Score

10^/10

vjw0rm trojan worm strrat persistence stealer
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmtrojanworm

behavioral2

strratvjw0rmpersistencestealertrojanworm