General
-
Target
c31cee51acf037dd2a09dd6dfddc5e889df9646af5625f827007c5b795b0dbb6.js
-
Size
205KB
-
Sample
241023-ldly2asclc
-
MD5
b60592cb963de5d1cb804db6c07dd289
-
SHA1
20c09f859df663850c5f6ec109bc9a5a2831c022
-
SHA256
c31cee51acf037dd2a09dd6dfddc5e889df9646af5625f827007c5b795b0dbb6
-
SHA512
253537ea93ebf4c2decacea5a99ef1b7351d839498f690357a9ce6bc57baf2835b40cc7a7d4819a0e69cdfabea28290c0b6f3ea6c71971ca99967c789a59e251
-
SSDEEP
3072:DQGJLNtKFO/4xaWihrT5UAE5mZgyFz+OOdBdlsNzsQVmWp7:DQ6/n/WaWiha95bQz+OOjdMzsQVmWZ
Malware Config
Targets
-
-
Target
c31cee51acf037dd2a09dd6dfddc5e889df9646af5625f827007c5b795b0dbb6.js
-
Size
205KB
-
MD5
b60592cb963de5d1cb804db6c07dd289
-
SHA1
20c09f859df663850c5f6ec109bc9a5a2831c022
-
SHA256
c31cee51acf037dd2a09dd6dfddc5e889df9646af5625f827007c5b795b0dbb6
-
SHA512
253537ea93ebf4c2decacea5a99ef1b7351d839498f690357a9ce6bc57baf2835b40cc7a7d4819a0e69cdfabea28290c0b6f3ea6c71971ca99967c789a59e251
-
SSDEEP
3072:DQGJLNtKFO/4xaWihrT5UAE5mZgyFz+OOdBdlsNzsQVmWp7:DQ6/n/WaWiha95bQz+OOjdMzsQVmWZ
Score10/10-
STRRAT
STRRAT is a remote access tool than can steal credentials and log keystrokes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1JavaScript
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1