General
-
Target
1cef3a638243fd070d898fb3edabf7676d050246e736b73cdb9f23201d4f7858.js
-
Size
731KB
-
Sample
241127-cm4e1a1pcz
-
MD5
c3e39b8ea6a8813ffb4001cbd044a027
-
SHA1
36dc1ec5510e2531b23931b317e25ae2240df789
-
SHA256
1cef3a638243fd070d898fb3edabf7676d050246e736b73cdb9f23201d4f7858
-
SHA512
b61d5c9935f383334a33dc713bcf7c3ede9cda7f21766c9f06da3bd07dd874115c18fc6d58cbd3f20b99297c4a9017eb5b998db60f437a2d42fe1756f490e1f6
-
SSDEEP
6144:eQoo+DmkAh/CyDJuTg0lFPmx61HCLu+yHsWsLy+HiuNHW2Z5nJRU/pqFvVu77HEa:1+
Malware Config
Targets
-
-
Target
1cef3a638243fd070d898fb3edabf7676d050246e736b73cdb9f23201d4f7858.js
-
Size
731KB
-
MD5
c3e39b8ea6a8813ffb4001cbd044a027
-
SHA1
36dc1ec5510e2531b23931b317e25ae2240df789
-
SHA256
1cef3a638243fd070d898fb3edabf7676d050246e736b73cdb9f23201d4f7858
-
SHA512
b61d5c9935f383334a33dc713bcf7c3ede9cda7f21766c9f06da3bd07dd874115c18fc6d58cbd3f20b99297c4a9017eb5b998db60f437a2d42fe1756f490e1f6
-
SSDEEP
6144:eQoo+DmkAh/CyDJuTg0lFPmx61HCLu+yHsWsLy+HiuNHW2Z5nJRU/pqFvVu77HEa:1+
Score10/10-
STRRAT
STRRAT is a remote access tool than can steal credentials and log keystrokes.
-
Strrat family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1JavaScript
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1