General

  • Target

    03175399.jar

  • Size

    218KB

  • MD5

    a815ac738840c8682aa245ab42476d19

  • SHA1

    3617a9293fbe42ae26cd1c3423ff0a117999d952

  • SHA256

    a67fc3dec1318660696b553653929426bc6a061031de462ab57ceace5754a821

  • SHA512

    195a93dec560c21281e8206a6dd472a4b06e29ebd49b94f688938cccc1684b9cfaa9d257ecce7d058b9769d23ebedb030f8ef0d9b1682d131c7a98360af825fd

  • SSDEEP

    6144:eRSMKMKwBT6AqCSzH+mYol+vr+Wp04TwA:eRSJtKOvCSzemhl+vr+uTwA

Score
10/10

Malware Config

Extracted

Family

strrat

C2

microsoftmicrosoftmicrosoft.ydns.eu:4545

lefteriskkokkiskikinew.ydns.eu:4142

Attributes
  • license_id

    XUGN-HLIA-Z9LB-8NGB-WYLV

  • plugins_url

    http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5

  • scheduled_task

    true

  • secondary_startup

    true

  • startup

    true
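The extracted config above gives three network indicators: two C2 host:port pairs on a dynamic-DNS zone (ydns.eu), one of them imitating a brand name, plus the plugin server at jbfrost.live. The script below is an added example, not part of the sandbox report, that turns those values into indicators and hunts for them in connection logs. The log format (`<ts> <src_ip> <dst_host> <dst_port>`) and the log lines are constructed for illustration; the config values are copied from the report.

```python
"""Hunt for the STRRAT C2 and plugin-server indicators from the config above
in connection logs. Added example, not part of the sandbox report. The log
lines are constructed for illustration; the config values are copied from
the report."""
from urllib.parse import urlparse

# Values as extracted in the report above.
CONFIG = {
    "family": "strrat",
    "c2": [
        "microsoftmicrosoftmicrosoft.ydns.eu:4545",
        "lefteriskkokkiskikinew.ydns.eu:4142",
    ],
    "plugins_url": "http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5",
}

# Constructed log lines in the shape "<ts> <src_ip> <dst_host> <dst_port>".
LOG_LINES = """\
ts=1 10.0.0.12 update.microsoft.com 443
ts=2 10.0.0.12 microsoftmicrosoftmicrosoft.ydns.eu 4545
ts=3 10.0.0.12 jbfrost.live 80
ts=4 10.0.0.30 example.org 443
ts=5 10.0.0.30 lefteriskkokkiskikinew.ydns.eu 8080
ts=6 10.0.0.30 other-client.ydns.eu 4142
"""


def iocs_from_config(cfg):
    """Derive indicators from the extracted config.

    c2_pairs: exact (host, port) tuples from the C2 list.
    hosts:    every hostname the config references, C2s and plugin server alike.
    zones:    parent zones of C2 hosts that sit on a sub-domain (here the
              dynamic-DNS provider); a weak indicator for triage, not blocking.
    """
    c2_pairs, hosts = set(), set()
    for entry in cfg["c2"]:
        host, _, port = entry.rpartition(":")
        c2_pairs.add((host.lower(), int(port)))
        hosts.add(host.lower())
    plugins = urlparse(cfg["plugins_url"])
    hosts.add(plugins.hostname.lower())
    zones = {h.split(".", 1)[1] for h, _ in c2_pairs if h.count(".") >= 2}
    return {"c2_pairs": c2_pairs, "hosts": hosts, "zones": zones}


def classify(host, port, iocs):
    """Strongest matching reason for one destination, or None."""
    host = host.lower().rstrip(".")
    if (host, port) in iocs["c2_pairs"]:
        return "c2"                  # exact C2 host:port from the config
    if host in iocs["hosts"]:
        return "config_host"         # config host on another port, or the plugin server
    if any(host.endswith("." + z) for z in iocs["zones"]):
        return "shared_parent_zone"  # same dynamic-DNS zone as the C2s: review, don't block
    return None


def hunt(log_text, cfg):
    """Return [(src_ip, dst_host, dst_port, reason)] for every matching log line."""
    iocs = iocs_from_config(cfg)
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, src, host, port = line.split()
        reason = classify(host, int(port), iocs)
        if reason:
            hits.append((src, host.lower(), int(port), reason))
    return hits


if __name__ == "__main__":
    for hit in hunt(LOG_LINES, CONFIG):
        print("%-10s %-40s %5d  %s" % hit)
```

Only the exact host:port match is a high-confidence hit; a config host on another port still deserves a look, while the shared-parent-zone match exists only because the C2s live on a public dynamic-DNS zone that plenty of benign hosts also use, so it is kept separate and never fed straight into a blocklist.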

Signatures

Files

  • 03175399.jar (.zip)
  • META-INF/MANIFEST.MF
  • carLambo/EpWofAJVbFslmSVoJiOKl.class
  • carLambo/FirstRun.class
  • carLambo/GDI32.class
  • carLambo/HBrowserNativeApis.class
  • carLambo/Kernel32.class
  • carLambo/KhMkDuVtwQiqTmvRKNRUO.class
  • carLambo/MvtPefgRyYqmhJkLbJFZM.class
  • carLambo/ODxCDSlzXcVsVaqVcnjYn.class
  • carLambo/QULuOzqHXCcwKyTrdxVnN.class
  • carLambo/RZyWOkqJLQlVrMxWGpvsk.class
  • carLambo/VQZSJWtbIIIWStAmVeEzG.class
  • carLambo/WeZvnzdveHuSZcFllCmbF.class
  • carLambo/XYRGkdetsPPNCXpnbnjzm.class
  • carLambo/ZBbWBpgOmMTESxYNmfXpX.class
  • carLambo/cnrXdWOSpajnDCDOTKUUo.class
  • carLambo/dDWcwWhGOWwQQirQcyCEh.class
  • carLambo/gCPKYysqXMFyxNabkrVLu.class
  • carLambo/jPxRFomLIxieoAwVnbZZB.class
  • carLambo/jvGiRzuqHKyoFzmniChiQ.class
  • carLambo/kerwxsFYKQQpFnZxmdhol.class
  • carLambo/pxediHteaUvlarrTiPSYI.class
  • carLambo/rtGXPjUZxallAoSSmgloP.class
  • carLambo/uRGJzWfTnzKuwPEXKkZye.class
  • carLambo/waFtJNDBjqFLqsSMaeYuF.class
  • carLambo/xqJZThxKeRDSwElDizbIv.class
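Before trusting the config and indicators above for a file you have in hand, confirm it is the same bytes the sandbox hashed, then inventory the archive the way the listing does. The script below is an added example and not part of the sandbox page: it builds a constructed stand-in JAR with the same layout as the listing (MANIFEST.MF plus classes under carLambo/), since the real sample's bytes are not on the page, and the Main-Class it writes into that manifest is an assumption, not something the report states.

```python
"""Static triage of a JAR laid out like the listing above: confirm the file on
disk is the one the report hashed, then inventory the archive and read the
manifest. Added example, not from the sandbox page. The JAR built here is a
constructed stand-in with the same layout; the Main-Class is an assumption."""
import hashlib
import io
import zipfile

# Digests exactly as the report lists them for 03175399.jar.
REPORT_HASHES = {
    "md5": "a815ac738840c8682aa245ab42476d19",
    "sha1": "3617a9293fbe42ae26cd1c3423ff0a117999d952",
    "sha256": "a67fc3dec1318660696b553653929426bc6a061031de462ab57ceace5754a821",
}


def hash_bytes(data):
    """Digest the bytes with every algorithm the report lists except ssdeep."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256", "sha512")}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_hashes(data, expected):
    """Map each listed algorithm to True/False; any False means this is not the
    file the report describes, so its config and IOCs may not apply."""
    actual = hash_bytes(data)
    return {algo: actual[algo] == digest.lower() for algo, digest in expected.items()}


def parse_manifest(text):
    """Parse the main section of META-INF/MANIFEST.MF. The format wraps long
    values at 72 bytes and continues them on a line starting with a space, so
    continuation lines are re-joined before splitting on the first ':'."""
    joined = []
    for line in text.splitlines():
        if line.startswith(" ") and joined:
            joined[-1] += line[1:]
        elif line.strip():
            joined.append(line)
        else:
            break  # first blank line ends the main section
    attrs = {}
    for line in joined:
        key, _, value = line.partition(":")
        attrs[key.strip()] = value.strip()
    return attrs


def jar_inventory(data):
    """List entries, the manifest Main-Class, the packages in use and whether the
    JAR carries signature files (the listing above has only MANIFEST.MF under
    META-INF/, i.e. no signature)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        manifest = ""
        if "META-INF/MANIFEST.MF" in names:
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    attrs = parse_manifest(manifest)
    classes = [n for n in names if n.endswith(".class")]
    packages = sorted({n.rsplit("/", 1)[0] for n in classes if "/" in n})
    signature_files = [n for n in names if n.startswith("META-INF/")
                       and n.upper().endswith((".SF", ".RSA", ".DSA", ".EC"))]
    return {
        "entries": names,
        "main_class": attrs.get("Main-Class"),
        "class_count": len(classes),
        "packages": packages,
        "signed": bool(signature_files),
    }


def build_constructed_jar():
    """Constructed stand-in for the listing, not the real sample. Class bodies are
    placeholder bytes; the Class-Path value is wrapped to exercise parse_manifest."""
    manifest = (
        "Manifest-Version: 1.0\r\n"
        "Main-Class: carLambo.FirstRun\r\n"  # assumption, not taken from the report
        "Class-Path: lib/first.jar lib/sec\r\n"
        " ond.jar\r\n"
        "\r\n"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest)
        for cls in ("FirstRun", "GDI32", "Kernel32", "EpWofAJVbFslmSVoJiOKl"):
            zf.writestr("carLambo/%s.class" % cls, b"\xca\xfe\xba\xbe" + b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    jar = build_constructed_jar()
    print("hashes match report:", verify_hashes(jar, REPORT_HASHES))
    print(jar_inventory(jar))
```

Run against the constructed JAR every report hash comes back False, which is the expected result for any file other than the real sample; against the actual 03175399.jar all three should be True before the inventory is worth reading. The manifest parser honours the 72-byte wrap rule because a Main-Class or Class-Path split across a continuation line is otherwise silently truncated.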