General
-
Target
641fdb5107c6bf1464e504b104f4212e_JaffaCakes118
-
Size
175KB
-
Sample
240722-v5q7hayema
-
MD5
641fdb5107c6bf1464e504b104f4212e
-
SHA1
28d6a378737161239d1baccb676139465371e5b4
-
SHA256
d442f0733815e462aeaa718e6892f825ec32b82f6eb72c78fafb64746a59c397
-
SHA512
c7b770915cf7ebe17accb79c93a2f19790594ace9a775e7b705e2758428e9a98f662d92fff5f2b71dfef8591e012de9c7feec6df584a994cff657384fbe08208
-
SSDEEP
3072:C8MUKfL6brZYAogfu8PTO90GEUTX27X5G0mvQmriWDLKsmLnIEvj3+UwGABMEDsi:C/VYYAVfhO90GEUTW5qQmGWqsmLnT7+D
Malware Config
Targets
-
-
Target
641fdb5107c6bf1464e504b104f4212e_JaffaCakes118
-
Size
175KB
-
MD5
641fdb5107c6bf1464e504b104f4212e
-
SHA1
28d6a378737161239d1baccb676139465371e5b4
-
SHA256
d442f0733815e462aeaa718e6892f825ec32b82f6eb72c78fafb64746a59c397
-
SHA512
c7b770915cf7ebe17accb79c93a2f19790594ace9a775e7b705e2758428e9a98f662d92fff5f2b71dfef8591e012de9c7feec6df584a994cff657384fbe08208
-
SSDEEP
3072:C8MUKfL6brZYAogfu8PTO90GEUTX27X5G0mvQmriWDLKsmLnIEvj3+UwGABMEDsi:C/VYYAVfhO90GEUTW5qQmGWqsmLnT7+D
Score10/10-
STRRAT
STRRAT is a remote access tool than can steal credentials and log keystrokes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1JavaScript
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1