General
-
Target
dc6aeb1f8d342bc7863a71083222cfa544b340c181e2be87dd39f5d25aac12e4.js
-
Size
352KB
-
Sample
240509-cj475acf2z
-
MD5
e38d8e75f11cf191e173aa3e2528b57a
-
SHA1
0e7e3b6ca4118660adb1ad6cfa238613458c5245
-
SHA256
dc6aeb1f8d342bc7863a71083222cfa544b340c181e2be87dd39f5d25aac12e4
-
SHA512
a8d2e021f69c22918972b505b742c06ed0aed4003adef538853b68d55647a17e089828b8bc85c2e57feb7f92962dd5aa671f9a58635dbc49b7baf753ca96c176
-
SSDEEP
6144:J0pVKGI89xY7aXi0rp+/UHXoh4aKfo3DuWmeZRgUCJeyIFhzKcvz30DBaDvzMvh:CVKa9xxs4/YzrZvz3hjzs
Malware Config
Targets
-
-
Target
dc6aeb1f8d342bc7863a71083222cfa544b340c181e2be87dd39f5d25aac12e4.js
-
Size
352KB
-
MD5
e38d8e75f11cf191e173aa3e2528b57a
-
SHA1
0e7e3b6ca4118660adb1ad6cfa238613458c5245
-
SHA256
dc6aeb1f8d342bc7863a71083222cfa544b340c181e2be87dd39f5d25aac12e4
-
SHA512
a8d2e021f69c22918972b505b742c06ed0aed4003adef538853b68d55647a17e089828b8bc85c2e57feb7f92962dd5aa671f9a58635dbc49b7baf753ca96c176
-
SSDEEP
6144:J0pVKGI89xY7aXi0rp+/UHXoh4aKfo3DuWmeZRgUCJeyIFhzKcvz30DBaDvzMvh:CVKa9xxs4/YzrZvz3hjzs
Score10/10-
STRRAT
STRRAT is a remote access tool than can steal credentials and log keystrokes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-