General

  • Target

    URGENTPAYMENTREQUEST.js

  • Size

    455KB

  • Sample

    241004-lg64dawglr

  • MD5

    ec7b21746a03ffd34199f1943b74fe5e

  • SHA1

    c575de9f5fe3af6b479d6b0eff608ba2cbad2c9a

  • SHA256

    b5fab9889d333c721fed265c13879f11315afe346d13356d4d1d61d16cc2b9d7

  • SHA512

    581e999de6f8a2fe6083ac2b3688422b7241779d606d0cd48547e2f967ce5e79be0b37bd52a839c68d1c9689e6fe290745c292f808f7b39a3ee462687195466b

  • SSDEEP

    12288:wpJc5fLTwmpBt3bSZoWeA/3nk4I4eTrSfD:wO73lW5

Malware Config

Targets

    • Target

      URGENTPAYMENTREQUEST.js

    • Size

      455KB

    • MD5

      ec7b21746a03ffd34199f1943b74fe5e

    • SHA1

      c575de9f5fe3af6b479d6b0eff608ba2cbad2c9a

    • SHA256

      b5fab9889d333c721fed265c13879f11315afe346d13356d4d1d61d16cc2b9d7

    • SHA512

      581e999de6f8a2fe6083ac2b3688422b7241779d606d0cd48547e2f967ce5e79be0b37bd52a839c68d1c9689e6fe290745c292f808f7b39a3ee462687195466b

    • SSDEEP

      12288:wpJc5fLTwmpBt3bSZoWeA/3nk4I4eTrSfD:wO73lW5

    • STRRAT

      STRRAT is a remote access tool than can steal credentials and log keystrokes.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks