General
-
Target
cb19162767f15a3043137f8124c6df663861b6537b28cfe7d930fd18cec33c6b.js
-
Size
207KB
-
Sample
241004-chfs5ssejc
-
MD5
0444071c6c7d8675aa708e00bdad9787
-
SHA1
639c3c2fc315ce73b3d179be4ba1fa8c94644c9b
-
SHA256
cb19162767f15a3043137f8124c6df663861b6537b28cfe7d930fd18cec33c6b
-
SHA512
1b32599cff480157f6d2030d088caf71983cdbca12073dde4a83580f92e93fc4f202272e9ccbc21b25a8a6afe228fdf2ca3e571a18bdd5bb0207db2542a56ae8
-
SSDEEP
6144:HQxCFBSSouokamJqydZZeL9ekQNMwMS0TrqLHEwnHj:w4tLS5VajT
Malware Config
Targets
-
-
Target
cb19162767f15a3043137f8124c6df663861b6537b28cfe7d930fd18cec33c6b.js
-
Size
207KB
-
MD5
0444071c6c7d8675aa708e00bdad9787
-
SHA1
639c3c2fc315ce73b3d179be4ba1fa8c94644c9b
-
SHA256
cb19162767f15a3043137f8124c6df663861b6537b28cfe7d930fd18cec33c6b
-
SHA512
1b32599cff480157f6d2030d088caf71983cdbca12073dde4a83580f92e93fc4f202272e9ccbc21b25a8a6afe228fdf2ca3e571a18bdd5bb0207db2542a56ae8
-
SSDEEP
6144:HQxCFBSSouokamJqydZZeL9ekQNMwMS0TrqLHEwnHj:w4tLS5VajT
Score10/10-
STRRAT
STRRAT is a remote access tool than can steal credentials and log keystrokes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1JavaScript
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1