General

  • Target

    Quotation.js

  • Size

    735KB

  • Sample

    240921-yrjgaa1blk

  • MD5

    cdc82b3a33f628b81a778ab0113cbc07

  • SHA1

    64fb545477164d33fec94483ad440d13ee69914b

  • SHA256

    c6fee7fb70025c071b147b62a8f12eff3fc9f2c05e192e423ca4164de6b02a46

  • SHA512

    80ffc5356fae94e88831c10969a5d582f6b416de25f071ec9b6a2fa220ccd1349267978a25c5ccbac16e4faca00fa285c860e2c07a8fc8e21357715e9f53b856

  • SSDEEP

    6144:HQgVAE6B1K5/5lTBO60rIqscTHl2xmQ8xt8geFwFx7YwnTLK8N5ocR3xJhi9Mw9B:wDK

Targets

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
