General

  • Target

    Payment proof.js

  • Size

    213KB

  • Sample

    230330-wcajqafa8z

  • MD5

    311ef1f6a6172d92cc3e25ef956da75b

  • SHA1

    6dc2284e6668d462a3122e924b88fc1cdf28b07d

  • SHA256

    0df05fb645c21efe2ca3d955b82e24369238355bcd54f593ba8643b639a543af

  • SHA512

    c05343a9a33b834facb96a5119424a46f5e41d13cb30e148056cd47ab29b24f624eba3c16724f148ebbd543a7f5c81fe07148dd46b4d3c3df0eefe23815bec75

  • SSDEEP

    3072:GQyejZErck/3o6u5KyLpR7OaaEZERx4Rzt2OeMHuK3xM3pqBw/4wohXG0RFA:GQyTrC5K2pR7OaHZyxGXIy0k2uA

Targets

    • STRRAT

      STRRAT is a Java-based remote access trojan that can steal browser and email client credentials and log keystrokes; this sample is a JScript (.js) dropper for it.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before running the payload.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
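
The behaviours listed above map directly onto host telemetry, so the following is an added example (not the sandbox's own signature logic and not part of the original report) of triaging them against Sysmon-style events in Python. The event records are constructed for the example and mirror what the report flags: a startup-folder drop, a Run key write, a DLL loaded from a path the same process wrote earlier, and a DNS query for an external-IP lookup service. The lookup hostnames, process GUIDs and file paths are assumptions; the report names none of them. The country-code check is a registry read, which Sysmon does not log, so it is deliberately left out of the rules.

```python
import re
from typing import Iterable

# Hostnames of common external-IP lookup services. The report says only that a
# "legitimate IP lookup service" was contacted; these names are an assumption.
IP_LOOKUP_DOMAINS = {"api.ipify.org", "ip-api.com", "ipinfo.io", "icanhazip.com"}

RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)

# Constructed Sysmon-style events (not from the sandbox run) that reproduce the
# behaviours flagged in the report, with two benign events mixed in as noise.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessGuid": "{A1}", "Image": r"C:\Windows\System32\wscript.exe",
     "CommandLine": r'wscript.exe "C:\Users\victim\Downloads\Payment proof.js"'},
    {"EventID": 11, "ProcessGuid": "{A1}",
     "TargetFilename": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"EventID": 11, "ProcessGuid": "{A1}",
     "TargetFilename": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.js"},
    {"EventID": 13, "ProcessGuid": "{A1}", "EventType": "SetValue",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Roaming\Updater\update.js"},
    {"EventID": 7, "ProcessGuid": "{A1}",
     "ImageLoaded": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"EventID": 22, "ProcessGuid": "{A1}", "QueryName": "ip-api.com"},
    # Benign noise: another process resolving a vendor site and saving a document.
    {"EventID": 22, "ProcessGuid": "{B2}", "QueryName": "www.microsoft.com"},
    {"EventID": 11, "ProcessGuid": "{B2}",
     "TargetFilename": r"C:\Users\victim\Documents\invoice.docx"},
]


def triage(events: Iterable[dict]) -> list[tuple[str, str, str]]:
    """Return (signature, process_guid, evidence) for each report behaviour seen.

    File creates are tracked per process so that an ImageLoad of a path the
    same process wrote earlier is reported as "Loads dropped DLL", rather than
    flagging every DLL load from a user-writable directory.
    """
    dropped: dict[str, set[str]] = {}
    findings: list[tuple[str, str, str]] = []
    for ev in events:
        eid, guid = ev.get("EventID"), ev.get("ProcessGuid", "?")
        if eid == 11:  # FileCreate
            path = ev.get("TargetFilename", "")
            dropped.setdefault(guid, set()).add(path.lower())
            if STARTUP_DIR_RE.search(path):
                findings.append(("Drops startup file", guid, path))
        elif eid == 13 and ev.get("EventType") == "SetValue":  # RegistryEvent
            key = ev.get("TargetObject", "")
            if RUN_KEY_RE.search(key):
                findings.append(("Adds Run key to start application", guid,
                                 f"{key} = {ev.get('Details', '')}"))
        elif eid == 7:  # ImageLoad
            image = ev.get("ImageLoaded", "")
            if image.lower().endswith(".dll") and image.lower() in dropped.get(guid, ()):
                findings.append(("Loads dropped DLL", guid, image))
        elif eid == 22:  # DnsQuery
            qname = ev.get("QueryName", "").lower()
            if qname in IP_LOOKUP_DOMAINS:
                findings.append(("Looks up external IP address via web service", guid, qname))
    # "Checks computer location settings" is a registry *read* of the country
    # code; Sysmon logs only registry writes, so that one needs an API trace.
    return findings


def signatures_hit(events: Iterable[dict]) -> set[str]:
    """Distinct report signatures triggered by the event stream."""
    return {sig for sig, _, _ in triage(events)}


if __name__ == "__main__":
    for sig, guid, evidence in triage(SAMPLE_EVENTS):
        print(f"[{guid}] {sig}: {evidence}")
```

The correlation on EventID 11 before EventID 7 is what distinguishes "loads a DLL it dropped" from "loads any DLL out of AppData", which on a real workstation would fire on every Electron app; the same per-process state is the natural place to hang the earlier wscript.exe process-create event when extending this to a full process tree.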
