General

  • Target

    proof of payment.001

  • Size

    119KB

  • Sample

    241022-rh6rws1cpl

  • MD5

    eedec6167ceebc22b58c03fc3a11e828

  • SHA1

    e1c8a9617f5af765f685452b08778465c4de5104

  • SHA256

    1af433705897f5df1641878250234e3a42eb3067a1c2e1fec226546ba32bd388

  • SHA512

    f482f8037406e51538a4f3a6240575104656d76c7a2d6a9d89971a4a912aeb76c0058d6d8e65387f60cee582b31981820aafe95fa719f4d02965229eb71f09cc

  • SSDEEP

    3072:ksccGuZoE8v5VKznBA/UdSl/D8y1iGRn49ol1xQU:hZbiEQ8AcdSlrD1iGG9oBl

Malware Config

Targets

    • Target

      proof of payment.js

    • Size

      205KB

    • MD5

      b60592cb963de5d1cb804db6c07dd289

    • SHA1

      20c09f859df663850c5f6ec109bc9a5a2831c022

    • SHA256

      c31cee51acf037dd2a09dd6dfddc5e889df9646af5625f827007c5b795b0dbb6

    • SHA512

      253537ea93ebf4c2decacea5a99ef1b7351d839498f690357a9ce6bc57baf2835b40cc7a7d4819a0e69cdfabea28290c0b6f3ea6c71971ca99967c789a59e251

    • SSDEEP

      3072:DQGJLNtKFO/4xaWihrT5UAE5mZgyFz+OOdBdlsNzsQVmWp7:DQ6/n/WaWiha95bQz+OOjdMzsQVmWZ

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks