General
-
Target
RequestForQuotation.js
-
Size
202KB
-
Sample
241014-h78s4s1hph
-
MD5
6350bcd7fc5381cf37a3c3011d32d270
-
SHA1
0be16c936ffbb3ed8f811da384c4629c5990d706
-
SHA256
84315757f962b3883c39b1d1b583f4b7e59b0400fac2dbbcb203ff821fef7d8a
-
SHA512
7b8a0ae071306464952035e15ef836e33628e9b2b74ac7d2d63c7198b71d823f8f138cdf457e32d0f92dfd06512b1b54a5345bb284c732f3406b2eaf38fea209
-
SSDEEP
3072:KQVTNIJABDzOPUvDPV14vmg9OGqUMzJZkrnbMmxhtMoOHzibaEZBI3hr845+uJ:KQVTZcPU9SuzjJ6rnbMmxhtkinZy2GJ
Malware Config
Targets
-
-
Target
RequestForQuotation.js
-
Size
202KB
-
MD5
6350bcd7fc5381cf37a3c3011d32d270
-
SHA1
0be16c936ffbb3ed8f811da384c4629c5990d706
-
SHA256
84315757f962b3883c39b1d1b583f4b7e59b0400fac2dbbcb203ff821fef7d8a
-
SHA512
7b8a0ae071306464952035e15ef836e33628e9b2b74ac7d2d63c7198b71d823f8f138cdf457e32d0f92dfd06512b1b54a5345bb284c732f3406b2eaf38fea209
-
SSDEEP
3072:KQVTNIJABDzOPUvDPV14vmg9OGqUMzJZkrnbMmxhtMoOHzibaEZBI3hr845+uJ:KQVTZcPU9SuzjJ6rnbMmxhtkinZy2GJ
Score10/10-
STRRAT
STRRAT is a remote access tool than can steal credentials and log keystrokes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1JavaScript
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1