General

  • Target

    Doc-PO.161015-AGS_510160523.gz

  • Size

    220KB

  • Sample

    230606-qy4f2aed8x

  • MD5

    b102d13f794c0adc6d34168a4cd379da

  • SHA1

    d75a7bd0e7156ff97d05f6df952a616913cab6f0

  • SHA256

    78c13c7c14ba3068053b7749c2671ba76cce489e3dbd310bc58641adf2e2fbe8

  • SHA512

    a7c82ad0a3dac7b4f121ba9b8e108012026ab9ff001214abb9d98866352b661f71d7bf48b2fdf0e35965dda548e8da01a63355f15e3dc2e6d6821c2265306c5c

  • SSDEEP

    6144:jaHshetHfuUVjZp1En4t4BAiYc9JImFt9QqUG5QXeB:thet/VVmn4iai59/9L5QOB

Malware Config

Targets

    • Target

      Doc-PO.161015-AGS_510160523.js

    • Size

      364KB

    • MD5

      22a10561df6d4e94ee66a05c2460c1c2

    • SHA1

      e5956d08f7f2ead17df83a537fb436789d086bdf

    • SHA256

      0d6dc81831f9dbc108a2bf9cb913678e392d1e2c22aad3cd900e59bc3c3a2e62

    • SHA512

      f0ea2cd4ec18b1308bef68705112910efceeb2e301ea4ef1857b0774fabfc01ac5bb55931764504a84248ca6eee65c5f84e81679deeff83cca81949edf6fa1a3

    • SSDEEP

      6144:Mo5w5IFL7veLmHXaWQ5jhHpw3ciNh+bmy7mN8igz1fH9FjB55f0+lWsEoymYS8Ym:TeS3aphOHtz6Tht/ym9CBmVold

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks