General

  • Target

    Request For Quotation.js

  • Size

    746KB

  • Sample

    240827-sn2wkaxbne

  • MD5

    e20445bd8d40d72c17a93a6e175842c2

  • SHA1

    9a887a492204632b05e67e9479d322ae620bb577

  • SHA256

    287323eb8dce9257ec7c85c9bea69dd1730a1e15c2df7476343ce8a95567ff74

  • SHA512

    d1bad3833aac26756a269d00c6fee14170a623951c8f9cb6b65ae01990b613966d76cef2cab440645a610c25f86c98b3995fff7b301e45e8905bbee5ae489b5d

  • SSDEEP

    6144:XQ792xbDD02mhpWBGtT1fMqGdlKzF5QG+sx9z5hubTYh/KI4GGp1/dKyuaDteR0C:gT

Targets

    • Target

      Request For Quotation.js

    • Size

      746KB

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
