General

  • Target

    Request For Quotation.js

  • Size

    853KB

  • Sample

    241015-rhv1dsydng

  • MD5

    7830034fcf7339f1d60f197b5298fde0

  • SHA1

    5b46b120da09408ac5365a41d2d1d592ee16354e

  • SHA256

    48e280510d763ea0508f85658e5a5fdf4fb9a5b5e3de47d9fc271210a2e9f6f3

  • SHA512

    4ff8ac75039d6fbf0060f73b18d74d37ad4f8b47b490dc869b26f9671c593dcf65eab52e6e0f0ef71f05189648bc0d74aac78b667553e0fce0f2e20e476d8265

  • SSDEEP

    6144:KQXRiLVR+ZAFgfFIxviPCxeocRmAmuJp36clx+SzqAXyLCXiXh9VFIoqjKh633zq:Zo

Malware Config

Targets

    • Target

      Request For Quotation.js

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks