General
-
Target
QUOTATION.js
-
Size
202KB
-
Sample
250205-vfmssavqat
-
MD5
c3399d5962cf0c35d267fa5157e1a1e9
-
SHA1
0fe5746c7e7ba86f5ce85f07e1cd2b2d391f17ac
-
SHA256
dc628151dd00039d1f96e11cfffcca93ca411132073a71b5bf9bee3d5368a56c
-
SHA512
3376bc35195a7f89035ef55f18cd5dfdbc7185cd402ec8884584ac7159523af20267a3aa3fbd809496c2a06d44b6eaf2f1f5b92c63033b2db04e9bd111616710
-
SSDEEP
3072:eQ/b8kU1KiwwFAaXoq271qPihljhmS/NeuTP9YTeGiNgphTmVWzai//Hocnih82:eQ/JU1KfSiUMjhmSlBT1YJiNg/vpHtQ
Static task
static1
Behavioral task
behavioral1
Sample
QUOTATION.js
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
QUOTATION.js
Resource
win10v2004-20250129-en
Malware Config
Targets
-
Target
QUOTATION.js
-
Size
202KB
-
Score
10/10
-
Strrat family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter (1)
JavaScript (1)
Scheduled Task/Job (1)
Scheduled Task (1)
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Scheduled Task (1)