General

  • Target

    Quotation.js

  • Size

    822KB

  • Sample

    240611-xh5gqaxdkd

  • MD5

    1439ff7d0498e63f8b6323c4263d6594

  • SHA1

    8d06ef0d937a1a64f4fc840bca74c41fb04f0331

  • SHA256

    35a08088d3233f2e66a45b4e99f66e082d410b4f44ac3717cdc355d3d6527df6

  • SHA512

    19639b0d7795548cad9ffdee0bd60a2686e95420ab2334b61464cde26fe5ed75ee65deca30697d3378cd7ba158c6ce9f2225ac77e8aa0d12c48df17c49d10e60

  • SSDEEP

    6144:XQHQhvn5h0IG+3yZ8dmKzRWdMrhYlJW+pxZjyWMbD3ShfdQqsePVEiqtCKPvIj5c:gu

Malware Config

Targets

    • Target

      Quotation.js

    • Size

      822KB

    • MD5

      1439ff7d0498e63f8b6323c4263d6594

    • SHA1

      8d06ef0d937a1a64f4fc840bca74c41fb04f0331

    • SHA256

      35a08088d3233f2e66a45b4e99f66e082d410b4f44ac3717cdc355d3d6527df6

    • SHA512

      19639b0d7795548cad9ffdee0bd60a2686e95420ab2334b61464cde26fe5ed75ee65deca30697d3378cd7ba158c6ce9f2225ac77e8aa0d12c48df17c49d10e60

    • SSDEEP

      6144:XQHQhvn5h0IG+3yZ8dmKzRWdMrhYlJW+pxZjyWMbD3ShfdQqsePVEiqtCKPvIj5c:gu

    • STRRAT

      STRRAT is a remote access tool than can steal credentials and log keystrokes.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Modifies file permissions

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks