General
-
Target
230f66e17bb2888242f14a2403d0c9a6_JaffaCakes118
-
Size
175KB
-
Sample
240703-t3139azfjc
-
MD5
230f66e17bb2888242f14a2403d0c9a6
-
SHA1
7482a6068d0562b8002bc1827d9b073012d389ba
-
SHA256
4f071d0dfe0d2e57c44b9157680ef8d17a36323095c212f3fb09faf59d8c91c1
-
SHA512
1a5b6028890ec40ea2b56840b6d96f724a853e085a5171f14758353f5909626df1459610ffe22565b8de71a28d8bae3b30c01d1c01d145f56997060e8b5c43db
-
SSDEEP
3072:mFe/oCh46wP4TEx46CG2Q8yIsKAE6tH0rzZcPU7rWIC0IegnEWetqaDtbQK:mFChxwQU4e29yIzAbRQSXSIextqaDtQK
Malware Config
Targets
-
-
Target
230f66e17bb2888242f14a2403d0c9a6_JaffaCakes118
-
Size
175KB
-
MD5
230f66e17bb2888242f14a2403d0c9a6
-
SHA1
7482a6068d0562b8002bc1827d9b073012d389ba
-
SHA256
4f071d0dfe0d2e57c44b9157680ef8d17a36323095c212f3fb09faf59d8c91c1
-
SHA512
1a5b6028890ec40ea2b56840b6d96f724a853e085a5171f14758353f5909626df1459610ffe22565b8de71a28d8bae3b30c01d1c01d145f56997060e8b5c43db
-
SSDEEP
3072:mFe/oCh46wP4TEx46CG2Q8yIsKAE6tH0rzZcPU7rWIC0IegnEWetqaDtbQK:mFChxwQU4e29yIzAbRQSXSIextqaDtQK
Score10/10-
STRRAT
STRRAT is a remote access tool than can steal credentials and log keystrokes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1JavaScript
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1