General

  • Target

    Ziraat Bankasi Swift Mesaji.js

  • Size

    353KB

  • Sample

    240514-jdjskafc3y

  • MD5

    f1e972166f46d1b17250e076b3c9d048

  • SHA1

    29de44cb79d7b60ecd0ccfc293dc137aadf70767

  • SHA256

    40c97f136f72b6613c9f947c7e1fe112706eae5c574902dd1904f80b0fc1d212

  • SHA512

    c7e3947eb45dbad441674f7f469edfdb2c385419c7583141995ed71cdd2faf8bb86248a12c2fbf7dcabdc45ba673ed35830e4ab75f439daf06631b19e7c734a4

  • SSDEEP

    6144:CjTqNadgJXXiQu87UE2tajU7RP4Y/oj3i+R/2RCO0VVQc6xZzHAOjnRKjoXBKZRG:CaAd0XXiw5jX+E3/WzpnlwJjXXyGe3

Targets

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Modifies file permissions

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
