General

  • Target

    INS-386779.js

  • Size

    460KB

  • Sample

    240508-wh1m4aaf23

  • MD5

    c24358be43368c8197bc1d25f3ba421e

  • SHA1

    b97e6fcbfccedbf673f0126caa24e1665a50dec8

  • SHA256

    f4267ec696cf9223569ebbb27617e04641eab296a81b919c923a54288342a34c

  • SHA512

    0d2ec59968d8169f7efb6d31551a101460bdbe8bfb8d0ac67e0a0b2841910032fabc9b824a7b7e9bc17317b12df751bf5197085b65f7d229af3a331ac982b8d7

  • SSDEEP

    6144:Dk5b3RksMXWmzWRqpAOcGB3DRC+xpleNKkJJ2lj7j+viVd7Wbs9HLsT5UQ5TsBzr:kCyROcGVsJH6ljfpTHzzksf

Targets

    • Target

      INS-386779.js

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Modifies file permissions

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
