General
-
Target
PO#518464.js
-
Size
458KB
-
Sample
240927-kc1kcstcpm
-
MD5
bad891ad34cea31a079100af2269d1a2
-
SHA1
5ec553750e242c145483984e6d856cd8a8749fb3
-
SHA256
25c4220159b9f1acd768415b14403854a8dec47c3d1a1286e75631f60bc54ebf
-
SHA512
2b95217a632bc953115bf6eb5632fe5476f9b1b6b037edb9fed507d4681784aec3f62e4ba62acec707eca5d507ee29d1e278ff4022dd572f02e2f63790fc6b8f
-
SSDEEP
6144:HQ79rj8xxZDM9PuwTd51LkiZJsuRnuXtMVDjCWMtZlAgQmXauo72q3Hs5lcflfrC:w9ASJDJkgnRLDjQ3AL2q362C
Malware Config
Targets
-
-
Target
PO#518464.js
-
Size
458KB
-
MD5
bad891ad34cea31a079100af2269d1a2
-
SHA1
5ec553750e242c145483984e6d856cd8a8749fb3
-
SHA256
25c4220159b9f1acd768415b14403854a8dec47c3d1a1286e75631f60bc54ebf
-
SHA512
2b95217a632bc953115bf6eb5632fe5476f9b1b6b037edb9fed507d4681784aec3f62e4ba62acec707eca5d507ee29d1e278ff4022dd572f02e2f63790fc6b8f
-
SSDEEP
6144:HQ79rj8xxZDM9PuwTd51LkiZJsuRnuXtMVDjCWMtZlAgQmXauo72q3Hs5lcflfrC:w9ASJDJkgnRLDjQ3AL2q362C
Score10/10-
STRRAT
STRRAT is a remote access tool than can steal credentials and log keystrokes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1JavaScript
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1