General

  • Target

    002b815349c937aa5742a14d349dbc841c7348990e21a42fe7a503a5bfa562a6.js

  • Size

    199KB

  • Sample

    241016-sy682a1cqk

  • MD5

    aa597f36329d08510090f6340995538a

  • SHA1

    096af4879ef8ee00c5e441670f6b3e4a94b010f4

  • SHA256

    002b815349c937aa5742a14d349dbc841c7348990e21a42fe7a503a5bfa562a6

  • SHA512

    c880c3f2f0d3eb70f39b50f8b5f7307a35f6f52318237f76cee209865f6de7d0c3e869e5697254bbf74f744368847f4af3b9e5fb9a9fd60fb30f15e6b33a3c3f

  • SSDEEP

    6144:KQZlI75f7+TvI341Sz+7mgPe0RnX+FJlUR+mxR6LO5BGu+BVvvKBl7EDB0F52fzy:Z8LmB6tD7iFSg

Targets

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
