General

  • Target

    Order.gz.exe

  • Size

    360KB

  • Sample

    230606-rdtxjaef21

  • MD5

    856dbd09409da8b58b98d75bb8b6c7c0

  • SHA1

    04ac238a5349afe2f3f0a2dffad9cf615130b674

  • SHA256

    8873e65ad529e832113ee75d5bc8e3a18d150ed475c09e0c6f5ce1458f0bf9a3

  • SHA512

    bfe9543baef25017dd61339c75c9c38d05bd903256cc592a5b964055bb62fd932422714461557c8fc8a2ea280d56627dd52e0cd9a990a3ad787dff27fbf195bc

  • SSDEEP

    6144:1piSQi4W9Bmmdk2DT0uYdIHIBIbmSmSBJB6fmpXAhtagxMI2b+ORpNqE3KqT:1fHX/mKaSvoGX4tagutDo8T

Malware Config

Targets

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks