General

  • Target

    1cb72dd000981a7f72f42e187c7a9788ec3d8c972ef0b6052f65ec059cbbb1a1.js

  • Size

    835KB

  • Sample

    240612-bhrd7sxcrd

  • MD5

    a5e17a3b0f562f722011b2025ad1badf

  • SHA1

    e3e8457df8c12a7d76c021851c923fbb3f090257

  • SHA256

    1cb72dd000981a7f72f42e187c7a9788ec3d8c972ef0b6052f65ec059cbbb1a1

  • SHA512

    23930d5bbdc3336fe5599b39c23de6a1319d2032713866eb8bbcb54c4d91aaf4de296b1fa441b7a6bc17dad2bacedf8fd6ed7a4e0efc81a5fb23726d8c4eee7f

  • SSDEEP

    768:XQ9KqO+g0ESJoOYHmxzFQi0O7I02iVuUBbS4OPtI0KIr3l9MgkmJ3Eudgis8aidB:XQfRVQgpATGGzIQ1DQ8lU+

Malware Config

Targets

    • Target

      1cb72dd000981a7f72f42e187c7a9788ec3d8c972ef0b6052f65ec059cbbb1a1.js

    • Size

      835KB

    • MD5

      a5e17a3b0f562f722011b2025ad1badf

    • SHA1

      e3e8457df8c12a7d76c021851c923fbb3f090257

    • SHA256

      1cb72dd000981a7f72f42e187c7a9788ec3d8c972ef0b6052f65ec059cbbb1a1

    • SHA512

      23930d5bbdc3336fe5599b39c23de6a1319d2032713866eb8bbcb54c4d91aaf4de296b1fa441b7a6bc17dad2bacedf8fd6ed7a4e0efc81a5fb23726d8c4eee7f

    • SSDEEP

      768:XQ9KqO+g0ESJoOYHmxzFQi0O7I02iVuUBbS4OPtI0KIr3l9MgkmJ3Eudgis8aidB:XQfRVQgpATGGzIQ1DQ8lU+

    • STRRAT

      STRRAT is a remote access tool than can steal credentials and log keystrokes.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Modifies file permissions

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks