strrat | d72e9e277f3eadd7b9097a7f8d1d00f905d97df92bbf66982e51899a9d6eec60 | Triage

Submit
Reports

Overview

overview

Static

static

1

AWB#476587652.PDF.js

windows7-x64

AWB#476587652.PDF.js

windows10-2004-x64

Sharing

General

Target

AWB#476587652.PDF.js
Size

3.3MB
Sample

230409-hx8elahg67
MD5

0d0b1fc606201ddbf74b4833e08994b3
SHA1

177895061db3b2264b72bd57b96e707e7a3e50b8
SHA256

d72e9e277f3eadd7b9097a7f8d1d00f905d97df92bbf66982e51899a9d6eec60
SHA512

45fef7799272fc8606a50c7f75c280a121beb92119f11c00db6155c8b084ae69635c0201fdd96fa0398e33b43f30333767940a75bd5fb88908fb4050160f37b6
SSDEEP

24576:pJSd1V8/DH6mBy0ayVbGw9GZ0dKEMRs1Ayq+cISRxQCNj+4AX:ntbNX

Score

10^/10

strrat vjw0rm persistence stealer trojan worm

Static task

static1

Behavioral task

behavioral1

Sample

AWB#476587652.PDF.js

Resource

win7-20230220-en

vjw0rm trojan worm

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

AWB#476587652.PDF.js

Resource

win10v2004-20230221-en

strrat vjw0rm persistence stealer trojan worm

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  AWB#476587652.PDF.js
- Size
  
  3.3MB
- MD5
  
  0d0b1fc606201ddbf74b4833e08994b3
- SHA1
  
  177895061db3b2264b72bd57b96e707e7a3e50b8
- SHA256
  
  d72e9e277f3eadd7b9097a7f8d1d00f905d97df92bbf66982e51899a9d6eec60
- SHA512
  
  45fef7799272fc8606a50c7f75c280a121beb92119f11c00db6155c8b084ae69635c0201fdd96fa0398e33b43f30333767940a75bd5fb88908fb4050160f37b6
- SSDEEP
  
  24576:pJSd1V8/DH6mBy0ayVbGw9GZ0dKEMRs1Ayq+cISRxQCNj+4AX:ntbNX
Score

10^/10

vjw0rm trojan worm strrat persistence stealer
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vjw0rmtrojanworm

behavioral2

strratvjw0rmpersistencestealertrojanworm

© 2018-2024

Terms | Privacy