General

  • Target

    Final Payment Invoice.jar

  • Size

    218KB

  • Sample

    230621-g8cavshb5v

  • MD5

    a815ac738840c8682aa245ab42476d19

  • SHA1

    3617a9293fbe42ae26cd1c3423ff0a117999d952

  • SHA256

    a67fc3dec1318660696b553653929426bc6a061031de462ab57ceace5754a821

  • SHA512

    195a93dec560c21281e8206a6dd472a4b06e29ebd49b94f688938cccc1684b9cfaa9d257ecce7d058b9769d23ebedb030f8ef0d9b1682d131c7a98360af825fd

  • SSDEEP

    6144:eRSMKMKwBT6AqCSzH+mYol+vr+Wp04TwA:eRSJtKOvCSzemhl+vr+uTwA

Score
10/10

Malware Config

Extracted

Family

strrat

C2

microsoftmicrosoftmicrosoft.ydns.eu:4545

lefteriskkokkiskikinew.ydns.eu:4142

Attributes
  • license_id

    XUGN-HLIA-Z9LB-8NGB-WYLV

  • plugins_url

    http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5

  • scheduled_task

    true

  • secondary_startup

    true

  • startup

    true

Targets

    • Target

      carLambo/EpWofAJVbFslmSVoJiOKl.class

    • Size

      8KB

    • MD5

      c4555f447ac399a4c06d959a7cd797c3

    • SHA1

      df8a2e267a4d6fe56eaaa44a0810faad501eabf1

    • SHA256

      0a9dbefd7ad73ae354e2e2364a44bedf77f525d8a9f255d3d2f318089db62449

    • SHA512

      c8a287293bfeb96b7527434a44fa86b1a671dbdfb78dce2489a16c5ac446ca9b021b542c9aaf565a5e005734f9c6723f186a653b078970ee62596156f0633ccb

    • SSDEEP

      192:X5ss1fbpE2oJnIrMpzw/P0GLEVJXTw6a0cuf:X5sKjpE2eIrAAqJjwDe

    Score
    3/10
    • Target

      carLambo/FirstRun.class

    • Size

      8KB

    • MD5

      318972286d87825587e5e3aec831c456

    • SHA1

      3d88392cfddad6d545df17fed75b382b1a99354b

    • SHA256

      6806d4b789483e7b823ecb155368003c4cb5b6cbd23c85283a70ccc1de4748d6

    • SHA512

      605af3ba5801bd9183798452e714ebdf9b4fb33f87ddbcdc18cf3c4bdaf70a6b1635c7fd9136433e059b104dae1e38b265f706939dd4355caea672dd99f3ed10

    • SSDEEP

      192:FKAtYPjQV2xLZgL42TA0qlJVHO5UNbkPs06z:FKgQCMLZgL42MzuUbkPsL

    Score
    3/10
    • Target

      carLambo/GDI32.class

    • Size

      254B

    • MD5

      0d10e33d7f1cd0d7a989be6383eb3eeb

    • SHA1

      2fa9809c21932b25077b138a861a3008b90c58ee

    • SHA256

      1f57a75d656981e79a0807088ad4cee9131c74263e0ec74bf92cc535c2292423

    • SHA512

      e0963e9fe35e25e48fbe25dd94ef423836609074c93d93c0dfffa250fb6cce54fedb80a26a3511fac8253372fd33f945d2c86a7fc21e7bab9fc40b60c9062cbe

    Score
    3/10
    • Target

      carLambo/HBrowserNativeApis.class

    • Size

      4KB

    • MD5

      37c626e65556250e1f4aa28f13f50ec6

    • SHA1

      ee3e78187da5c39b74b1533d4d9ccdc3d9f6a81b

    • SHA256

      aaa4e40550968e043121b557d06685abe8c04f7e2e0407d89626641615dec902

    • SHA512

      29f0ed02c33cad8529901f16837cb100738a79c74c5e3d70721720b7b8cd540d3acf4a2183bd57ad4890d8857a329e0a3237c4b2b3d26346823c91609ea8cedd

    • SSDEEP

      96:m7+cJ4rh4i/H5zhKp9wFWmWYaouGF/jE7:Hq4J/HtUPdmTahGVjk

    Score
    3/10
    • Target

      carLambo/Kernel32.class

    • Size

      240B

    • MD5

      e3f75446ab3124fc215c8361fcc09124

    • SHA1

      4844e5e11ee17d5d9019c1dbf7458488f64375bd

    • SHA256

      50c9b0ca5e829c97fa34c2470197a123ec5d993e9b88c5b0e2158e3488d41885

    • SHA512

      88d3c1caefa5742174562e7b271e101026993a703949cbc94f9a26695b3d20a7f626915b54ff8ed6fe6e1aff0725acc614864260544e427e838e594d8295bc8b

    Score
    3/10
    • Target

      carLambo/KhMkDuVtwQiqTmvRKNRUO.class

    • Size

      1KB

    • MD5

      f2beb729d761d08cdb93727c833c9317

    • SHA1

      8c8527f858cdd37a3e1d3d589bf86076323f337a

    • SHA256

      7a6dc25dd332386cd5c412b7f9b7dc3aa7530a5db420132d5181ea870840cfc1

    • SHA512

      ad0a2650bd7945e9d8e765127618c3be1c02fdd036afa9253d48cf18dfafe0348ac9f8cada4f5ffd10773fe252a425dd8df4590a4cecdb122b1f0d4166a9250d

    Score
    3/10
    • Target

      carLambo/MvtPefgRyYqmhJkLbJFZM.class

    • Size

      120B

    • MD5

      2122046e66fe6e48bf0cf839b70b10aa

    • SHA1

      3f3af3f3addf916e230da7095714a55bb942de95

    • SHA256

      64174c1a737567309431281be890841172166f2b8c6326eb70c8ec900f99adae

    • SHA512

      b0d20ecf0f8355233d67caa11c08b5f11f0c5d561e873787f435bb9da5e2246054e5d4c39c0f40226ba363c36923898c792a9e2d50e366f6faaa1fc693694530

    Score
    3/10
    • Target

      carLambo/ODxCDSlzXcVsVaqVcnjYn.class

    • Size

      1KB

    • MD5

      97ba92678945879bd6dd5d81c593ffd7

    • SHA1

      e927f2901221d428c160278807a6c8da22aff497

    • SHA256

      db7bf72a73c82f1ec8f3425788f27a12f80dcf2a8a933d011fed84fc01b82cb0

    • SHA512

      c378927c271d21b6d27f2e27b92dcd40ab7d2c7bd6727acef5f055c0ffc60f0e003cfa61fe50806ed90b41820a222aa33532800fed18d107d47f8a00b3fd3d2d

    Score
    3/10
    • Target

      carLambo/QULuOzqHXCcwKyTrdxVnN.class

    • Size

      5KB

    • MD5

      c648ff3be6862d06c018c9c857843713

    • SHA1

      8d009a762601efd30a63013a610568dbf42386f9

    • SHA256

      73f50ab830091397192545c9abc9a40d6cb25ffda561b7c2407d7011566423ad

    • SHA512

      29fbadea9edf92d46f9e726aa881325d2b474e4a841bf4e2e93d63c67a9622dd5490952b2e47c20f7ddbec347e0044dd16b8ee278410043a2a9eff58185acb1c

    • SSDEEP

      96:dmryXPjKfnO+MxKM1D0kZ6E8cp0h5dOENZai99jxF8flNMxlcbVPCxIwT:wrSLsjFM1DuPcU5tNZR9VxSlVEIwT

    Score
    3/10
    • Target

      carLambo/RZyWOkqJLQlVrMxWGpvsk.class

    • Size

      379B

    • MD5

      90a661a215d05231ca3d9f3404339bfc

    • SHA1

      0a40431cd7463cbd2631e67c6accfe5774d0af0e

    • SHA256

      f7bed4fa46b1ba7bef9cfe259f443e243f82a2edf4a56509e0ec076df2be4297

    • SHA512

      ff1cf5db70ac6619465e761165ae742ca332c988927ea914df65a86a7f01188af6c418985347b90620772e25f27beff89679822a2ebf467139e79edc661a40ad

    Score
    3/10
    • Target

      carLambo/VQZSJWtbIIIWStAmVeEzG.class

    • Size

      379B

    • MD5

      a4e2d16c78c7dbd4a1fc0a970f011ff6

    • SHA1

      382b68d45b848eefeb0cf4156abcba264456739a

    • SHA256

      18950aa0fefcfa7b437208ecbc3cd903fca1b9534314a86a3d9a63cb68e152fe

    • SHA512

      12a500d28c0f0ae69f19316766bb26727bc105a2f5489df14c3d5cc5f80f055e498de667fec6a1859b1b7973e723ee8650b2446c60bf9c27222648d206e3ceb1

    Score
    3/10
    • Target

      carLambo/WeZvnzdveHuSZcFllCmbF.class

    • Size

      8KB

    • MD5

      8cc6a62f14a44a2ea2c2f7517c52f983

    • SHA1

      7831ed081f36096ac0d345f68e5de22f7114fe8a

    • SHA256

      2f93018999e997f37e62d54f306112fb4893d19eea294ef7094d6132c3287afd

    • SHA512

      4018b7254385eacfa0ae2bb0fa7726fad6cca672d601a46e63392527ac84c462205714c1998cb026ce7cae825c97730eab15ba529ac483924fb3b55ffbb2a27a

    • SSDEEP

      96:GctRgFMS8vsU6cy7NU3xovAS6ccIBQ0yexuLJQ3/GufSbbygiG0MowPELrKnqml2:GcPgFMN0qy7NU3xovAn6wLGT+qa2eS9D

    Score
    3/10
    • Target

      carLambo/XYRGkdetsPPNCXpnbnjzm.class

    • Size

      378B

    • MD5

      d84196daebd5733ceb31d4e0115a4fca

    • SHA1

      86bf89b4d0a856c7655b17ec8086167d16821d57

    • SHA256

      8d3aae3bf55290d8acd75336a5fdb3ecfb747661782f275b625a40478d3af819

    • SHA512

      eb4e2b8b393cdb04deb116d866056a191a86840a5be5808efeed62b3b4a36349a5bcee6672359405270e94b51979c09c3c254222de5209d7da89ccd3da81bb83

    Score
    3/10
    • Target

      carLambo/ZBbWBpgOmMTESxYNmfXpX.class

    • Size

      5KB

    • MD5

      18c2f568d7762c2bbead79e1db525182

    • SHA1

      3186cc1ed39fa432011f672cc4067b8428f94422

    • SHA256

      91b476df57926ec04679c22143ead8a3a7e34eea4dff43aabf8f93499d3e6272

    • SHA512

      ee512a1d3824440f31db90c2b2c73918dad420ebc010a5cd976e1dd24098f3335cab797ed25814ff3f8a835f843d7faec1785e47a7cb83eb69b91ee092d02bc1

    • SSDEEP

      96:VV7fDdMGX3Xzw/e1h+3XOvtQyMuRzkRfjFA+YK9X71VPCw0:D7f6CuGk/YzkRfPBl0

    Score
    3/10
    • Target

      carLambo/cnrXdWOSpajnDCDOTKUUo.class

    • Size

      2KB

    • MD5

      b66fbfcd52d631486dcb3a333adb291b

    • SHA1

      c9dd15ecdae03b29c2c4a9a2dbf614d1200ddd92

    • SHA256

      414cbd7d4fc60195ebb5087c5c0223b64ae4793f1a7ec9bcdf3204e4d29ac79c

    • SHA512

      1eeabc6763e3a9f33aa1216b1a518b5897d1fb845f1d1b6cc821cf2ad5856b25e092680e01701002417662e2ac8cad4dbbdc2a498ca80202ef56cbfa58404503

    Score
    3/10
    • Target

      carLambo/dDWcwWhGOWwQQirQcyCEh.class

    • Size

      379B

    • MD5

      2b8fd9b948b11d75495fbbfad92b88cb

    • SHA1

      c88f101aa7588f554bcc9c9cd83f631f7bdd8c0e

    • SHA256

      fef2de74688cc4ea7516eb7838204ff7a8b5bb6b686ba33fec89cace9a9f9482

    • SHA512

      0b4c6819a2526248d59dc20b84dfd2c67e53dbe25ff401750fa0440bf3032a42772327faabb5df321c4bb4aa42874a99929c66a25daa2223672f11a079fb6b34

    Score
    3/10

MITRE ATT&CK Enterprise v6

Tasks