General

  • Target

    wiusyhdgfg.js

  • Size

    349KB

  • Sample

    230614-rvqlfaab48

  • MD5

    36aa904fd0eea38ab2078d7531153032

  • SHA1

    fce08032a06a9b45e500a673833783985eb48491

  • SHA256

    6f76388b57849bcf5f7516bdfb6971414b1a0a3df11a168aefa88724cb23a5fd

  • SHA512

    b6ecf22fc7e4aa596966c45d741c1ed233a55e8eecc1352ea3fa6fbf84dc9d237ff56a3e69769ba6d3d8fba51ac900115b2aae5c59b9b76237023256611b857a

  • SSDEEP

    6144:2DdWAQ4TilUN5qExZVcETsyIxHSal0fSv4bVijcWAcvGt4pWU2pNa:2DdWAQ4wiXxZVcYPI9F0fS1cWAg92pQ

Targets

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application
