General

  • Target

    Proof Of Payment.js

  • Size

    731KB

  • Sample

    240827-sn2wkayeqq

  • MD5

    b55993f3492c21f9e188512ccd01593b

  • SHA1

    872f6f8b7bf5adb1236e0657ac2727ec4a71d1cd

  • SHA256

    6036de6277ab720dc519c897669131338f618de95f848a7c6f167e51b473bc8a

  • SHA512

    65d8f960d98f67a057652249458c296791bcc90f67ae4a057dab9047846e9c0b125fc59ce8dc15c3e42ad9e1201d581a705a40d3a8fa5a1da9ed204881c054f1

  • SSDEEP

    6144:XQ/YI2TgEcljvq7ZZomevlr0gWl5sMWTVJNnabZGmWH9TJ5KIOykMLDMfjnGhjdL:gV

Malware Config

Targets

    • Target

      Proof Of Payment.js

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks