General
-
Target
78882c274365a8fb9b0ce2402c31b4a173ea04e7645288c3a0210908533403cf.js
-
Size
4.9MB
-
Sample
230223-nf634ahe4t
-
MD5
4a38e31d3ef1231427efec1bf45cd882
-
SHA1
e8bea5f848779e84bbb9cc0f5585a62e086fadc7
-
SHA256
78882c274365a8fb9b0ce2402c31b4a173ea04e7645288c3a0210908533403cf
-
SHA512
8449570e03218f1efaa2d31783d73fd1c74b4011e8a3d0a281dd153eddc744d1e23d19d7e875aef2df2906e5197ca4271c7b1e28be0fe036368c212b72e4c35a
-
SSDEEP
3072:OPcyNWe8yIe784AfkDT6sfndkHoa7Qr1Lqy/3OMEvDgzo5O2IzE1aYHgDhKXU/Wd:6TN1U
Static task
static1
Behavioral task
behavioral1
Sample
78882c274365a8fb9b0ce2402c31b4a173ea04e7645288c3a0210908533403cf.js
Resource
win7-20230220-en
Malware Config
Targets
-
-
Target
78882c274365a8fb9b0ce2402c31b4a173ea04e7645288c3a0210908533403cf.js
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-