Overview

overview

10

Static

static

7

2ecb8a22e5...c3.exe

windows7-x64

7

2ecb8a22e5...c3.exe

windows10-2004-x64

7

c72d738747...8bf.js

windows7-x64

10

c72d738747...8bf.js

windows10-2004-x64

10

ec5e12b3ea...da.jar

windows7-x64

1

ec5e12b3ea...da.jar

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Downloads.rar

  • Size

    1.2MB

  • Sample

    230326-lqklqsaa7w

  • MD5

    5689ea14a373cdbdd9bf990de8695082

  • SHA1

    31f14c629263fd2358a442f28439a0a406be4762

  • SHA256

    a8c0236c98449cbca8097ca4923fe0b5b878944796e240f64595fc85b99092e4

  • SHA512

    c6c98f2dcaaba2ce0a7713554d9de45e326883a5d1526fe6551f82cf53f96df9cf427ef1262d3950daf43d29f43e8799ef754dda5ed74e1b052b33b7b4bcd000

  • SSDEEP

    24576:8nBlabRtBFqzvH5mbEMXle3Nkq7LAwalGCbkXEGJV0fV/Y/:8B2TBFqP5TMXle3aYkNGCgX7yNm

Score
10/10
strratvjw0rmpersistencestealertrojanupxworm

Malware Config

Targets

    • Target

      2ecb8a22e5831fafcbaf0392b5b617c3.exe.vir

    • Size

      870KB

    • MD5

      2ecb8a22e5831fafcbaf0392b5b617c3

    • SHA1

      ebd35d45d8ec1779f57457b7383da40c6ad8b77e

    • SHA256

      7208422887eda7041fb87c8d836a31d41b9d74c8ee724c179a795bd83ce29ab9

    • SHA512

      f261f99301b8c0e94a58feda80560e144cffe07073c1c5ae065f308338de04c3ac57d727bc5c70ed83b59ab670afb82f647d6d288777dff2065087e992524f73

    • SSDEEP

      24576:zFzruKzEV3L2bTvWX5CnthV+2qRcExFn:zF/zEVbk7DnthwRc4

    Score
    7/10
    upx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      c72d738747f68d4f8d9e9368e47928bf.js.vir

    • Size

      9.2MB

    • MD5

      c72d738747f68d4f8d9e9368e47928bf

    • SHA1

      00b523b2e3ab0f2bfd7d4aabf3b1c33ae390c585

    • SHA256

      06b94b3ec86bd4a61888848f379808954de1ff2a1fe471edcfa312f5e9ba2ab5

    • SHA512

      1a01baa0c813b928cf5dfe456f76acdcf9be0e0df8a6131e248f9aa5456c65a69cb9809efe56afc4db32cfeeb93ca42e3319f1e53689ba4ed23b77911b802c61

    • SSDEEP

      3072:gNK8RjR/R8x/xqm2O1IrWa7Mjv/GnOv3GmPLjCKKIz9vs2J96i/OBDVOdz83Pm7+:I

    Score
    10/10
    strratvjw0rmpersistencestealertrojanworm

    • STRRAT

      STRRAT is a remote access tool than can steal credentials and log keystrokes.

      trojanstealerstrrat

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

      trojanwormvjw0rm

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral3behavioral4

    • Target

      ec5e12b3ea2318692c2d2b74c33dfbda.jar.vir

    • Size

      164KB

    • MD5

      ec5e12b3ea2318692c2d2b74c33dfbda

    • SHA1

      f7f6c3d3e266c7a85ec489389d5508eaa1983055

    • SHA256

      056579d3948044c01ffa21dd8a14f7c4109efd25e609055e24a37cb6db603ef7

    • SHA512

      0c91246971bb23ba3801b348ca8148c048de43c4caa7912b681868e471f5a0f080f2969e8fda1b04a002a81b403bddb22b62496b8eee75814cb691391ad5851a

    • SSDEEP

      3072:gw+lMnyYMmfcEA9E67Yu9T7rkdUOMMJ0rOM4rAxIF820xuBho5zO:gLcfHBu9TUdUOM005+FMxuX66

    Score
    10/10
    strratpersistencestealertrojan

    • STRRAT

      STRRAT is a remote access tool than can steal credentials and log keystrokes.

      trojanstealerstrrat

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral5behavioral6

MITRE ATT&CK Enterprise v6

Tasks