General
- Target: dd418fd6827cd6c3b3cda5f0b6f8e8e3b887d82b8ed51a3523475406e4850da7
- Size: 202KB
- Sample: 241023-k16raa1flf
- MD5: 99fb9b2b5a775f8ea1ae9e4f8585d1dd
- SHA1: 37bdbbe6608d8871de738c3ba3cf67dad8b71067
- SHA256: dd418fd6827cd6c3b3cda5f0b6f8e8e3b887d82b8ed51a3523475406e4850da7
- SHA512: 96dd2b5243670f843ea2ad078c19ca312295705f0f69be907f87127c0919f1eaa83a5d545ec3699774811dbdec5cb0e776d4544ab2bc946cfc11a68472317a4c
- SSDEEP: 6144:DQ+y8BtWEQpsaFj0N2t92UlaztT5dzzd6:kYnZc9lC50
Static task: static1
Behavioral task: behavioral1
- Sample: dd418fd6827cd6c3b3cda5f0b6f8e8e3b887d82b8ed51a3523475406e4850da7.js
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: dd418fd6827cd6c3b3cda5f0b6f8e8e3b887d82b8ed51a3523475406e4850da7.js
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: dd418fd6827cd6c3b3cda5f0b6f8e8e3b887d82b8ed51a3523475406e4850da7 (202KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15
Execution
- Command and Scripting Interpreter (1): JavaScript (1)
- Scheduled Task/Job (1): Scheduled Task (1)
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1): Scheduled Task (1)