General

  • Target

    New Order.js

  • Size

    352KB

  • Sample

    230621-hj9qhahb9z

  • MD5

    b662081c24306347fe96b0461cac1c76

  • SHA1

    cf8a471dba51c21fd65cd5a0794654952a7559d1

  • SHA256

    989ce4d82fd24dbd20f261ec89891f90756b404e98364108517d897113dfd302

  • SHA512

    8c2bac8ef44d597e611018da40f8417d4114d0001061a278844177048356794f1a8a9e1cf8720aefca00e4f4d792f6357baa54d3c7e6b519e3570c31e04cf8d2

  • SSDEEP

    6144:NJrV1fMvYNeDXN+2nQZw8eCBKBSB6G9tJsD5rPTb4hYWKv16SK4jfQ7577:NJx1fMvHuZHeCogYD5OYWEwX

Targets

    • Target

      New Order.js

    • Size

      352KB

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application
