General
-
Target
d5ae06930fcf5befc19002a652049055822cbfbffa22b93ff0b6e0f2e1ce67a4.js
-
Size
777KB
-
Sample
241001-jj6jhsyanp
-
MD5
bb503cb59416e826e54c606edd10b104
-
SHA1
81a9713534bfb82b5a66dbd6c629df40f1fe79e5
-
SHA256
d5ae06930fcf5befc19002a652049055822cbfbffa22b93ff0b6e0f2e1ce67a4
-
SHA512
e69e0b367d9cd6639adb9707ec09f57642a7c788f76850fa9d958d1625a4b57ec1d84e7ad43eb07ec5ba054f8d797ebf989336c51ab10a97dbc1ae3a013421e5
-
SSDEEP
6144:HQR2oZA/yOrMb3B2zMCOsUB1q4l3DPZrl7C9PW6BSjlrd3k7HGgjxN+acv/jDinL:wmCq
Malware Config
Targets
-
-
Target
d5ae06930fcf5befc19002a652049055822cbfbffa22b93ff0b6e0f2e1ce67a4.js
-
Size
777KB
-
MD5
bb503cb59416e826e54c606edd10b104
-
SHA1
81a9713534bfb82b5a66dbd6c629df40f1fe79e5
-
SHA256
d5ae06930fcf5befc19002a652049055822cbfbffa22b93ff0b6e0f2e1ce67a4
-
SHA512
e69e0b367d9cd6639adb9707ec09f57642a7c788f76850fa9d958d1625a4b57ec1d84e7ad43eb07ec5ba054f8d797ebf989336c51ab10a97dbc1ae3a013421e5
-
SSDEEP
6144:HQR2oZA/yOrMb3B2zMCOsUB1q4l3DPZrl7C9PW6BSjlrd3k7HGgjxN+acv/jDinL:wmCq
Score10/10-
STRRAT
STRRAT is a remote access tool than can steal credentials and log keystrokes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1JavaScript
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1