General
Target: 158792c08431083ed4a2b947b78dc8cae334e00b2c8e8335f85e4bf4c78bce60
Size: 282KB
Sample: 240926-t9m5za1amb
MD5: 7ae3496c75020f0660608b487b7c244d
SHA1: e04f835fb7f5ac419dc9a08ea49a424eeb86558f
SHA256: 158792c08431083ed4a2b947b78dc8cae334e00b2c8e8335f85e4bf4c78bce60
SHA512: c45e45b81116a98898cf8b0a5d19f8e830953dd89c3909f8f2f50fac34822548bf89de635a99c18fef62aa74b728c858ad602daf101b2f9f897b28a75fad05bb
SSDEEP: 6144:px60UYeMw2F4p8evRVh4S1FjgJXvPAXj+12V9LMOfut3WR6d8LN7T8:z60U84pZVdsJXgz+YjJfkWQd8FT8
Static task: static1
Behavioral task: behavioral1
  Sample: PO#518463.js
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: PO#518463.js
  Resource: win10v2004-20240802-en
Malware Config
Targets
Target: PO#518463.js
Size: 453KB
MD5: f04f4fb3190c6cd423a4d84cf521cf65
SHA1: 9d11423067f7e004d14a3803b3fe2ee046ab3dfd
SHA256: 5709dc35796f2a91483860820770e74dead9f01eaf2433832016fdacd2eed209
SHA512: 6bf28689632f5c7f8a19e03e3d2efd7af34f6d6d73f8f78c4b5ae97f7af051e85cbaac40640334cfe089337aa0c5388a11ad4e7a71e98841ea67585c710c1162
SSDEEP: 12288:woWNEiYoNEy3ND5k6XrhqncWkhLPDS430IR:w4SR5xbWkhLN30s
Score: 10/10
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Drops startup file
Loads dropped DLL
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Execution
  Command and Scripting Interpreter (1)
    JavaScript (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)