General

  • Target

    37ace29b5befaa1a36cd7b92dc8c9aa20c1d8bbc613e0b5ab99c7f19fa6f36c3

  • Size

    319KB

  • Sample

    230920-ssf5naba98

  • MD5

    6d60fd236d34ec9f5982d44ad5c0ddc0

  • SHA1

    e62af304b41f8a8a69e5f611b64e0a1e65d18388

  • SHA256

    37ace29b5befaa1a36cd7b92dc8c9aa20c1d8bbc613e0b5ab99c7f19fa6f36c3

  • SHA512

    1cca496e0dd6fa4b90af36c18fa9999da375293bb141d8b07638ef63da86614d473578ff26fb2efc5ca6c6cacc79d91e4c6c98ca8e7a3eb84ceab40bfaec70ab

  • SSDEEP

    6144:WF039dCjNESPsRrmcyrpYPraTdnbO+0xzz1SRkPYibZomdRgV:WFg9dCxE5ycsyP0dnSBxH1SRk1xdRgV

Malware Config

Targets

    • Target

      CA22197-08082022 PI.js

    • Size

      1.3MB

    • MD5

      3105a413a55501f7a7a878643cd37b33

    • SHA1

      ab276a88e6a6be38aa3ff28aa97a8b1f8a55ff92

    • SHA256

      d25ad4df124b1f69972d1e09520ffecf979f89957ca296d11aaa4454d2922a97

    • SHA512

      6d59ae07512ef52c3a99bc0165eb7ca1c14cbd6bd43b09fe87d972c475221bd6cd027795075a5b3ce31fef66fe2df39b7de1194bdd1fe92a1ecbbd546d4b70a1

    • SSDEEP

      6144:MQJdZ/vlGYLDTYNpHI4DCQwZEauZnDjhLkoNety1CHrD2dDcuNoKlk7JYlD8AbdG:X/3

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks