General

  • Target

    ORDER.zip

  • Size

    201KB

  • Sample

    230704-l984fabh52

  • MD5

    296b151c8c9979c6b9661728be0c3bb7

  • SHA1

    3bb425fe8e9385dc1f7fcf21109fe5749c4f5eca

  • SHA256

    f0fa8732973493f86e5f30ed0458d97c52e4d38452dcbd57b1dbb2ebf4663c3c

  • SHA512

    2f221be9bd7ae189a819567d991e37e93ea85a32dd85ec23ca489a7b4e16750d04d5e77dc7c3efc6d5759c311ab8dfc4ab0d0884e7c1e1fca2c597b2e639508c

  • SSDEEP

    6144:0JdDQiHbC8MGHNvFSZojX2ZYVu0g96MpJyhUVt:i5HgKmZkut9/Dt

Targets

    • Target

      ORDER.js

    • Size

      912KB

    • MD5

      70e483ab51c94cd2318fb5cb0de989fd

    • SHA1

      8bb7ff7229a9eb8230dcbdc8507e60b3403313c0

    • SHA256

      a0041aa69a92b8a85e020dcf6424960e466c4e2f315a556bed9e06d870dddf47

    • SHA512

      350dac5a389fbdf85c770a1d4858b2152eceb8903558f0a5b37a95bb172a987eea2c932dd9bf06bd62f813e4b334daff3d83838a9e127f1135e2c077b0cb972a

    • SSDEEP

      1536:j21Ax5SP/rgoMp633kUFPyHqVfxkCx1UE8o1TQ5CAiaRgd6W0NQHMpgac+0rOMzc:Uh+vek3mUQKN

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application
