General
-
Target
ZILCORP_POP.rar
-
Size
256KB
-
Sample
240624-ktgtksxcnm
-
MD5
1fec81e815675e859231122b8ffcd6a3
-
SHA1
dc4bc2f9bc34bd451293daca363b628c61847974
-
SHA256
80ccb9fa03af599723c0ee1ad4084db53318222b7ce529bad558f5028fe01a57
-
SHA512
0a77983277f701b5b6c0b652b45a7c60c45bd7ce14c84b27b5978e0de697dc95dd13875ca2bbb118cc77a49f754690bff6b195c83affc1478b5e62e6808f4524
-
SSDEEP
6144:XSB6dFx6RQ1ZoASP7WE4mlFd7zBxb7cbmGC5Ff:XSBMx6kuASPKEdlFd7X3caGCXf
Malware Config
Targets
-
-
Target
ZILCORP_POP.js
-
Size
424KB
-
MD5
228ffb4e92fdb79da09e379168d28b7d
-
SHA1
00ab295a54b2a2892dc9a178be819c8cf6648ed0
-
SHA256
93b921e53498e0ce61fa8740e083f55a10d72b0b9a406cdb05a9860ffcc94eb9
-
SHA512
6c3c76b0294a9a5ac2c55f03c0524d9ac5a037c5f374c1a80aa6e15d6f4f1068b65d9db0460e5d37becb06709c414c3f2c81060d76dbf7077fc46330f1b066c9
-
SSDEEP
6144:XQqj5e5byQl5AQE/fGn+Z+8sE1mTzJh2gIABvxOsMUURJNOkk52dUe:g3VlS2+4vKCzbtB5Os/r2dUe
Score10/10-
STRRAT
STRRAT is a remote access tool than can steal credentials and log keystrokes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1JavaScript
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1