General

  • Target

    Proof of payment.js

  • Size

    199KB

  • Sample

    241023-apl8dstdmq

  • MD5

    efe96b774d716e94b8ddf67f11799f72

  • SHA1

    cebf7446b7712b0be7d4139690413cb0a3ec2926

  • SHA256

    cc60fd66292a5edd37d23b5f3928015bd7aefa106df32d27adfe0604564ca682

  • SHA512

    795ff59eab0a6d253c5e039e6695d9f00f6e0a13714f311ecb744102c67fdbf5158812b570b7198bdd21349c6a2757ee85101517e71c446e56910f488cccf853

  • SSDEEP

    3072:DQ18m6EBIFcNzKF2+uKr0rZvInqhvFm+LeOn6dHihG+KwszDU:DQv6DSNWFUKrOQnqhvFm+0Vio+jR

Malware Config

Targets

    • Target

      Proof of payment.js

    • STRRAT

      STRRAT is a Java-based remote access trojan that can steal browser and mail-client credentials and log keystrokes; the .js target here is the loader stage that drops and runs it.

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence check so the payload runs only (or never) in certain countries.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
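
The behaviours listed above are the sandbox's signature hits. As an added example that is not part of the report or of the sandbox's own signature engine, the script below re-derives those five hits from a constructed list of process events. The event shape, the registry paths used for the locale and Run-key checks, the startup-folder fragment, the IP-lookup hostnames and the file names in the sample events are all assumptions of this example, chosen to resemble what a Windows sandbox records for a script host such as wscript.exe.

```python
"""Re-derive the report's behavioural signatures from constructed sandbox events.

Added example; not the sandbox's code. Registry paths, hostnames and the
sample events are assumptions modelled on typical Windows sandbox output.
"""
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Event:
    op: str      # reg_read | reg_write | file_write | load_image | http
    target: str  # registry value path, file path, module path or URL


# Constructed events for a loader like Proof of payment.js; not real sandbox output.
SAMPLE_EVENTS = [
    Event("reg_read", r"HKCU\Control Panel\International\sCountry"),
    Event("file_write", r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Proof of payment.js"),
    Event("file_write", r"C:\Users\user\AppData\Local\Temp\lib.dll"),
    Event("load_image", r"C:\Users\user\AppData\Local\Temp\lib.dll"),
    Event("reg_write", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),  # hypothetical value name
    Event("http", "http://ip-api.com/json/"),
]

# Assumed indicators for each signature (lower-cased, backslash paths).
LOCALE_KEYS = ("control panel\\international", "control\\nls\\")
RUN_KEYS = ("software\\microsoft\\windows\\currentversion\\run",)  # also matches RunOnce
STARTUP_DIR_FRAGMENT = "\\start menu\\programs\\startup\\"
IP_LOOKUP_HOSTS = ("ip-api.com", "api.ipify.org", "icanhazip.com", "ipinfo.io")


def _norm(path: str) -> str:
    return path.replace("/", "\\").lower()


def is_locale_read(ev: Event) -> bool:
    return ev.op == "reg_read" and any(k in _norm(ev.target) for k in LOCALE_KEYS)


def is_startup_drop(ev: Event) -> bool:
    return ev.op == "file_write" and STARTUP_DIR_FRAGMENT in _norm(ev.target)


def is_run_key_write(ev: Event) -> bool:
    return ev.op == "reg_write" and any(k in _norm(ev.target) for k in RUN_KEYS)


def is_ip_lookup(ev: Event) -> bool:
    if ev.op != "http":
        return False
    host = (urlsplit(ev.target).hostname or "").lower()
    return host in IP_LOOKUP_HOSTS


def loads_dropped_dll(events) -> bool:
    """True only when a DLL written by the process is later loaded: correlation, not a single event."""
    written = set()
    for ev in events:
        t = _norm(ev.target)
        if ev.op == "file_write" and t.endswith(".dll"):
            written.add(t)
        elif ev.op == "load_image" and t in written:
            return True
    return False


def match_signatures(events):
    """Return the report's signature names, in the report's order, that the events support."""
    hits = []
    if any(is_locale_read(e) for e in events):
        hits.append("Checks computer location settings")
    if any(is_startup_drop(e) for e in events):
        hits.append("Drops startup file")
    if loads_dropped_dll(events):
        hits.append("Loads dropped DLL")
    if any(is_run_key_write(e) for e in events):
        hits.append("Adds Run key to start application")
    if any(is_ip_lookup(e) for e in events):
        hits.append("Looks up external IP address via web service")
    return hits


if __name__ == "__main__":
    for name in match_signatures(SAMPLE_EVENTS):
        print(name)
```

The "Loads dropped DLL" check is deliberately order-sensitive: a DLL load only counts when the same path was written earlier by the process, which is what separates a dropped library from an ordinary system DLL. Swap SAMPLE_EVENTS for events exported from your own sandbox or EDR telemetry to reproduce the same triage on other samples.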

MITRE ATT&CK Enterprise v15

Tasks