General

  • Target

    ORDER2490407.PDF.js

  • Size

    7KB

  • Sample

    240906-n5qseavdjr

  • MD5

    4fcc56b7dbee1342e383030ab4be2e4a

  • SHA1

    63f5f4aa8bc732b9e678e64003f3760ee04c803e

  • SHA256

    743569106872154115ba9aa6c4d354ebacb7cb9db052306416f4e3890b994239

  • SHA512

    07ae0d9c24c3857b058f52cc6719196133e50da699b065e96a27b7e7629a37fede86479884ffddce3b5ba4b38aca95ba4f419fe9eb48cc1effc0a33d5a7606ed

  • SSDEEP

    192:PgDlcwvjBSx2FHIdPNLSxMISUEcwvjszhczS8McInkjHcZSfAIcLcRSTJcwvjG/i:PB47

Malware Config

Targets

    • Target

      ORDER2490407.PDF.js

    • Size

      7KB

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Detect jar appended to MSI

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks