General
-
Target
JaffaCakes118_8123bd619d954166aac39010723b1209
-
Size
182KB
-
Sample
250108-asxtasxqdl
-
MD5
8123bd619d954166aac39010723b1209
-
SHA1
6db869ad2f0bd7c8b4f10ef690386c2fd4a6692d
-
SHA256
688235edd0e908c64655904418de48d9be9abbe7745297c8ac3251d70d553da7
-
SHA512
e39182a56efa946c0da979695cb6edfcf9656572be0ecffac417e333b9a7c19862c11ef2cd0371aee8e3d8a77a320b24ea3e5a2d4336fcd2916b30ee54b47fd2
-
SSDEEP
3072:FwAic3rkuUnwzDLyGV03ggxeHxhyEtP2dvOhbDzCUyZcuuzZI5jmeL:FwAd3RUILdVgg1xzEOhDzryljmeL
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_8123bd619d954166aac39010723b1209.js
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_8123bd619d954166aac39010723b1209.js
Resource
win10v2004-20241007-en
Malware Config
Targets
Score
10/10
-
Strrat family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter (1)
JavaScript (1)
Scheduled Task/Job (1)
Scheduled Task (1)
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Scheduled Task (1)