General
- Target: 268dbe22d47fc8451cde376a6238c0ec8b00466cf7d8d09a14fb0d6224fc406c.js
- Size: 210KB
- Sample: 250215-db5z5atlf1
- MD5: cb6593bf0eb7ddbeae1bf4749651dd39
- SHA1: 9aa656bdc906a3b379f46851dcc5a5e570912cf8
- SHA256: 268dbe22d47fc8451cde376a6238c0ec8b00466cf7d8d09a14fb0d6224fc406c
- SHA512: 0ea8939090b74162fd6a1a6c65c344111bf443470350b462eed1b3f389c64074e08f31bc36b4915d9d6278e6961e59a37f088fca7827b3d3f7b0389bc1f31142
- SSDEEP: 6144:eQPYmzShz4e5vt2W2GQ9Hy6+qPaEv+E+sotU:1AHFrcJt9
Static task: static1
Behavioral task: behavioral1
- Sample: 268dbe22d47fc8451cde376a6238c0ec8b00466cf7d8d09a14fb0d6224fc406c.js
- Resource: win7-20241010-en
Malware Config
Targets
- Target: 268dbe22d47fc8451cde376a6238c0ec8b00466cf7d8d09a14fb0d6224fc406c.js
Signatures
- Strrat family
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15
Execution
- Command and Scripting Interpreter (1): JavaScript (1)
- Scheduled Task/Job (1): Scheduled Task (1)
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1): Scheduled Task (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1): Scheduled Task (1)