General
-
Target
DOC934798848.js
-
Size
238KB
-
Sample
241125-lmk34azpby
-
MD5
208ac4eb6c75aced85071562b1bc079d
-
SHA1
0a3bb6f310317d31bad26a0076c5e7313699739b
-
SHA256
427e4dcb36206392d10846d4aa4e37ec0c724d2b5c26c662b3670b120bdf84c3
-
SHA512
1f2d13791bbc1e58f42eee63e6e5708b333d476d0f3ea39c185a99a7f11079477c80ddbef4304a27a4b62114579b5443d0d698a689929ccea3e0b27bee3d9b13
-
SSDEEP
6144:eQrh+XeVWsUDMmQPiXmvnuKFESB51tsr3wtNX5ihm:19xWsUDaESBBsr3uXl
Malware Config
Targets
-
-
Target
DOC934798848.js
-
Size
238KB
-
MD5
208ac4eb6c75aced85071562b1bc079d
-
SHA1
0a3bb6f310317d31bad26a0076c5e7313699739b
-
SHA256
427e4dcb36206392d10846d4aa4e37ec0c724d2b5c26c662b3670b120bdf84c3
-
SHA512
1f2d13791bbc1e58f42eee63e6e5708b333d476d0f3ea39c185a99a7f11079477c80ddbef4304a27a4b62114579b5443d0d698a689929ccea3e0b27bee3d9b13
-
SSDEEP
6144:eQrh+XeVWsUDMmQPiXmvnuKFESB51tsr3wtNX5ihm:19xWsUDaESBBsr3uXl
Score10/10-
STRRAT
STRRAT is a remote access tool than can steal credentials and log keystrokes.
-
Strrat family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1JavaScript
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1