General
-
Target
5c65955da2b6e996c378858d6a886bad85e969fd42509053794cb8ad64630894.js
-
Size
348KB
-
Sample
240512-k7ss1ace87
-
MD5
4bb46f4ad4dc8cfe2ef9476639538c9f
-
SHA1
405e782ca65b2c85d3010ffbd44cbd394e8076e1
-
SHA256
5c65955da2b6e996c378858d6a886bad85e969fd42509053794cb8ad64630894
-
SHA512
be0cd76dcaa26f00b4d6b61f855e69513fd341b234b465f2394a471b7a6753bd416b620b6d2795b319f591c2497c8c0374a34913672bcd8a5eb8faee06e57af5
-
SSDEEP
6144:FCrNm0YvnZIOE/gpukpiVogDsEOuJTKrk4qtiHPmKTvlCGiJTBj8rjFpnKqgWiQZ:gRmRvnZLxpcFT0qSTej8hNkJwnLXNT
Static task
static1
Behavioral task
behavioral1
Sample
5c65955da2b6e996c378858d6a886bad85e969fd42509053794cb8ad64630894.js
Resource
win7-20240221-en
Malware Config
Targets
-
-
Target
5c65955da2b6e996c378858d6a886bad85e969fd42509053794cb8ad64630894.js
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.