General

  • Target

    S. Alam Group - RFQ_No.6001735503.ace

  • Size

    216KB

  • Sample

    230516-m6tp1shd9x

  • MD5

    2649bb05e669ea428fe92a0ad6bd8fa0

  • SHA1

    87899cfda46b67335de4e053a9703e4f54561de0

  • SHA256

    ac3a074915f64a5bacbea23ef6655c70b586b85f88cd8e5d1668a1fdd1f45703

  • SHA512

    afdc819234db7df052d99e4ede656e71b9836b65ecd63ab978285773e6c523a2ea62fda11e207f705ca76548ad7308b84a9ef65ed5185c1d1785310416100ebd

  • SSDEEP

    6144:wyINReU8Lrzm03t7PWo0unZ/FG0yfNdEyEN1io9Q:wyI/efvt3hOo0G5F3WNGpN1rQ

Malware Config

Targets

    • Target

      S. Alam Group - RFQ_No.6001735503.js

    • Size

      352KB

    • MD5

      5f55e9203bd6ad1af0b3e63d775ae21d

    • SHA1

      566375ccd7e325239eedfbc5dc75a1989a87f6a9

    • SHA256

      9142d654faad73f016a8e45f7db19805707593793cddba53bd304d3a95ade840

    • SHA512

      97c3edf063f262849985a21bf7d54bf5d7ef7143daf611bf0c816232326bb0914b3c8f82c5cf2f8e42a7d07f1a501b1da212a78d7a8eb6f1a96447a20e3fa118

    • SSDEEP

      6144:zXFn7dHXGNTO7y0946Q3fp5VEkXgtc5gZEBeo+BiSdO21vXeoR4xmDyQP6:zhdHCd3f/VEQFgZE8iSnDyr

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks