General

  • Target

    70e483ab51c94cd2318fb5cb0de989fd.zip

  • Size

    201KB

  • Sample

    230704-hkqc9abd49

  • MD5

    e395439ec5f8e5cad40e75afa9b330c2

  • SHA1

    15524c9e60b7a4ae12587ad78657e4be1cea94c4

  • SHA256

    0a29a1f7209a2df645142f4964d016d0b90f9e2702dd3b702bb5b2f84203b064

  • SHA512

    93dc5c9b2a257ffc8340282e22c62ca7eb8a8320160bfa621acc5f556eec7e78b14368ca1acfbe1955d45caf4525b8aac4021e41bd5dc5f9842eeaea00d5ba20

  • SSDEEP

    6144:l7GYBKCHDKi2pdS91Br7oxEKnHhaqa1KJ:c8K6DLeY9HnoVBxJ

Malware Config

Targets

    • Target

      ORDER.js

    • Size

      912KB

    • MD5

      70e483ab51c94cd2318fb5cb0de989fd

    • SHA1

      8bb7ff7229a9eb8230dcbdc8507e60b3403313c0

    • SHA256

      a0041aa69a92b8a85e020dcf6424960e466c4e2f315a556bed9e06d870dddf47

    • SHA512

      350dac5a389fbdf85c770a1d4858b2152eceb8903558f0a5b37a95bb172a987eea2c932dd9bf06bd62f813e4b334daff3d83838a9e127f1135e2c077b0cb972a

    • SSDEEP

      1536:j21Ax5SP/rgoMp633kUFPyHqVfxkCx1UE8o1TQ5CAiaRgd6W0NQHMpgac+0rOMzc:Uh+vek3mUQKN

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks