General
-
Target
6036de6277ab720dc519c897669131338f618de95f848a7c6f167e51b473bc8a
-
Size
731KB
-
Sample
240827-srsgasygjn
-
MD5
b55993f3492c21f9e188512ccd01593b
-
SHA1
872f6f8b7bf5adb1236e0657ac2727ec4a71d1cd
-
SHA256
6036de6277ab720dc519c897669131338f618de95f848a7c6f167e51b473bc8a
-
SHA512
65d8f960d98f67a057652249458c296791bcc90f67ae4a057dab9047846e9c0b125fc59ce8dc15c3e42ad9e1201d581a705a40d3a8fa5a1da9ed204881c054f1
-
SSDEEP
6144:XQ/YI2TgEcljvq7ZZomevlr0gWl5sMWTVJNnabZGmWH9TJ5KIOykMLDMfjnGhjdL:gV
Static task
static1
Behavioral task
behavioral1
Sample
6036de6277ab720dc519c897669131338f618de95f848a7c6f167e51b473bc8a.js
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
6036de6277ab720dc519c897669131338f618de95f848a7c6f167e51b473bc8a.js
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
6036de6277ab720dc519c897669131338f618de95f848a7c6f167e51b473bc8a
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
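The five behavioural signatures above are the kind of thing a sandbox derives from an API-hook trace rather than from static properties of the script. As an added example (not code from the sandbox or the report), the rules below run over a constructed trace in a simple "api|arg1|arg2" form and reproduce each signature, including the correlation needed for "Loads dropped DLL" (a LoadLibraryW of a path the sample itself wrote earlier). The registry path for the locale check, the list of IP-lookup hosts, the trace format and the score weights are all assumptions made for the example; the report does not name any of them.

```python
import re
from urllib.parse import urlsplit

# Constructed API-trace lines ("api|arg1|arg2"), made up for this example to
# exercise each signature in the report; they are not the sandbox's own trace.
TRACE = """\
CreateProcessW|C:\\Windows\\System32\\wscript.exe|wscript.exe //B C:\\Users\\user\\Downloads\\sample.js
RegQueryValueExW|HKCU\\Control Panel\\International\\Geo\\Nation|
CreateFileW|C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\update.js|GENERIC_WRITE
CreateFileW|C:\\Users\\user\\AppData\\Local\\Temp\\helper.dll|GENERIC_WRITE
LoadLibraryW|C:\\Users\\user\\AppData\\Local\\Temp\\helper.dll|
LoadLibraryW|C:\\Windows\\System32\\kernel32.dll|
RegSetValueExW|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater|wscript.exe C:\\Users\\user\\AppData\\Roaming\\update.js
InternetOpenUrlW|http://api.ipify.org/|
"""

# Constructed benign trace that touches similar APIs without matching any rule.
BENIGN_TRACE = """\
CreateProcessW|C:\\Windows\\System32\\notepad.exe|notepad.exe readme.txt
RegQueryValueExW|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden|
CreateFileW|C:\\Users\\user\\Documents\\notes.txt|GENERIC_WRITE
LoadLibraryW|C:\\Windows\\System32\\kernel32.dll|
InternetOpenUrlW|https://www.example.com/|
"""

# Assumed set of public IP-lookup services; the report names none.
IP_LOOKUP_HOSTS = {"api.ipify.org", "icanhazip.com", "ifconfig.me", "ip-api.com"}

# Assumed registry/file locations behind each signature.
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
GEO_RE = re.compile(r"\\Control Panel\\International\\(Geo\\Nation|Locale)$", re.I)
STARTUP_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
SCRIPT_HOST_RE = re.compile(r"\\[wc]script\.exe$", re.I)

# Assumed weights; the 10/10 in the report is the sandbox's own scoring.
WEIGHTS = {
    "Executes JavaScript via Windows Script Host": 1,
    "Checks computer location settings": 3,
    "Drops startup file": 6,
    "Loads dropped DLL": 6,
    "Adds Run key to start application": 6,
    "Looks up external IP address via web service": 3,
}


def parse_trace(text):
    """Split 'api|arg1|arg2' lines into (api, arg1, arg2) tuples, padding missing args."""
    events = []
    for line in text.splitlines():
        if line.strip():
            parts = line.split("|", 2) + ["", ""]
            events.append(tuple(parts[:3]))
    return events


def analyse(events):
    """Return (set of matched signature names, score capped at 10) for one trace."""
    hits = set()
    written = set()  # paths the sample opened for writing, lower-cased
    for api, a1, a2 in events:
        if api == "CreateProcessW" and SCRIPT_HOST_RE.search(a1) and re.search(r"\.js\b", a2, re.I):
            hits.add("Executes JavaScript via Windows Script Host")
        elif api in ("RegQueryValueExW", "RegGetValueW") and GEO_RE.search(a1):
            hits.add("Checks computer location settings")
        elif api == "CreateFileW" and "GENERIC_WRITE" in a2:
            written.add(a1.lower())
            if STARTUP_RE.search(a1):
                hits.add("Drops startup file")
        elif api == "LoadLibraryW" and a1.lower() in written:
            # Correlation: only a DLL the sample wrote earlier counts as "dropped".
            hits.add("Loads dropped DLL")
        elif api == "RegSetValueExW" and RUN_KEY_RE.search(a1):
            hits.add("Adds Run key to start application")
        elif api in ("InternetOpenUrlW", "WinHttpConnectW"):
            host = (urlsplit(a1).hostname or a1).lower()
            if host in IP_LOOKUP_HOSTS:
                hits.add("Looks up external IP address via web service")
    score = min(10, sum(WEIGHTS[h] for h in hits))
    return hits, score


if __name__ == "__main__":
    for name, trace in (("sample", TRACE), ("benign", BENIGN_TRACE)):
        matched, score = analyse(parse_trace(trace))
        print(f"{name}: score {score}/10")
        for sig in sorted(matched):
            print("  -", sig)
```

The "Loads dropped DLL" rule is the one worth copying: matching on LoadLibraryW alone fires on every process, so the rule keeps the set of files the sample wrote and only flags a load of one of those. The benign trace loads kernel32.dll and writes a document, and produces no hits.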
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter (1)
JavaScript, T1059.007 (1)
Scheduled Task/Job (1)
Scheduled Task, T1053.005 (1)
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder, T1547.001 (1)
Scheduled Task/Job (1)
Scheduled Task, T1053.005 (1)