General
-
Target
8785fd0bea71e49476bf99ce74daa3f1261aca7c86655e63d4b2a9cb03bc77ab
-
Size
283KB
-
Sample
241003-l8cc3swhkq
-
MD5
009e90eec151b9bf0e716e8c1e7ce028
-
SHA1
da4e7869dd38f59f0e933597b2d0d14e82cc5050
-
SHA256
8785fd0bea71e49476bf99ce74daa3f1261aca7c86655e63d4b2a9cb03bc77ab
-
SHA512
7c407a56f2e130cf052fa4b51f55b9ee4d6242b297c210a3331baccb188674cb2d120d7e950fc1830172113166cc2d1e316893f7ab041ff657b14d6fa53bf530
-
SSDEEP
6144:F7vZz31TQkMVtUFePcMRXh0bHb73iEOqcWi0fgjMRJzzNt:tVZQ3VtUFxM70bHvhxcWPfgGBzj
Malware Config
Targets
-
-
Target
URGENT PAYMENT REQUEST.js
-
Size
455KB
-
MD5
e6c000051f40808e93931bfdf2c5256e
-
SHA1
d4777746ee558788c4d22c68df4ad699dcc2cd14
-
SHA256
835bc4b59c124c2c28fd98acd9a8d6d43cb76f9859277b470a75d87e6b97d7f3
-
SHA512
da811bbdbbc7bb5c52fdfd6d902af0b5e7c7e1d139db399adcb8eb3bc6530f111548eaa091850f923d05ceb8b15f636a637b402cb9d2d8763a309e9f0891c25c
-
SSDEEP
12288:wCcDYnaA2meIGJZakKOeZbZV0aJGeORhYj5AbaQW5Io9ST7:wDYh2mQakKpP9KOJU
Score10/10-
STRRAT
STRRAT is a remote access tool than can steal credentials and log keystrokes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1JavaScript
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1