General
-
Target
835bc4b59c124c2c28fd98acd9a8d6d43cb76f9859277b470a75d87e6b97d7f3.js
-
Size
455KB
-
Sample
241004-b3yzsaxerj
-
MD5
e6c000051f40808e93931bfdf2c5256e
-
SHA1
d4777746ee558788c4d22c68df4ad699dcc2cd14
-
SHA256
835bc4b59c124c2c28fd98acd9a8d6d43cb76f9859277b470a75d87e6b97d7f3
-
SHA512
da811bbdbbc7bb5c52fdfd6d902af0b5e7c7e1d139db399adcb8eb3bc6530f111548eaa091850f923d05ceb8b15f636a637b402cb9d2d8763a309e9f0891c25c
-
SSDEEP
12288:wCcDYnaA2meIGJZakKOeZbZV0aJGeORhYj5AbaQW5Io9ST7:wDYh2mQakKpP9KOJU
Malware Config
Targets
-
-
Target
835bc4b59c124c2c28fd98acd9a8d6d43cb76f9859277b470a75d87e6b97d7f3.js
-
Size
455KB
-
MD5
e6c000051f40808e93931bfdf2c5256e
-
SHA1
d4777746ee558788c4d22c68df4ad699dcc2cd14
-
SHA256
835bc4b59c124c2c28fd98acd9a8d6d43cb76f9859277b470a75d87e6b97d7f3
-
SHA512
da811bbdbbc7bb5c52fdfd6d902af0b5e7c7e1d139db399adcb8eb3bc6530f111548eaa091850f923d05ceb8b15f636a637b402cb9d2d8763a309e9f0891c25c
-
SSDEEP
12288:wCcDYnaA2meIGJZakKOeZbZV0aJGeORhYj5AbaQW5Io9ST7:wDYh2mQakKpP9KOJU
Score10/10-
STRRAT
STRRAT is a remote access tool than can steal credentials and log keystrokes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1JavaScript
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1