General

  • Target

    qxotpybg.txt

  • Size

    164KB

  • Sample

    230609-xy4kcsda99

  • MD5

    e42e41dca87067441bf95942122244ef

  • SHA1

    b322424df5aec8e114bf9fcf179884db9722eeda

  • SHA256

    3aaca9e3fafd07c13175168d00a2d3fc4c7837990da32d5d80eb14303d53b132

  • SHA512

    2f40e875a916b56b6acd099192824fd52d3cb4b2aac785d7c6e80c45b98971e7fed7790f4ada946b0520180d2dd0819867ab326324bae50c04ba514c8d9aca5e

  • SSDEEP

    3072:4wkdMHMYgmf+EE9+6zdu9TqrkF2OZqA0+OM4rkxtFjb0x5oZS5h4o:4rIfVuu9TXF2OZn0mjF8x58AhL

Targets

    • Target

      qxotpybg.txt

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
