General

  • Target

    m_AP Remittance - L - Ref S158578-3_PDF.zip

  • Size

    66KB

  • Sample

    230921-te6c3ahb8x

  • MD5

    e0626846ef33edb6013bcd2a81d733e6

  • SHA1

    4949e675c35df0be361abb5d793cb199dda90d8d

  • SHA256

    f7232989ee2ad63a73dac3203924245ee40cafe9a641141ffd8c7768e0853351

  • SHA512

    0e43fd3143a3f51f2af417e212596ba7f5ea8afbe7727943f7b517234557a29e9e82d47fafac5b63f3d2e8030a895a9c853c4ba7a12e8b811b24e4cb60807046

  • SSDEEP

    1536:/2ku+eZoYDPyhsHVYFD0u8OZG8doPBF4+rbT5TMEfo8H8E3hkC:en+eCOHVYePbnDPmEfo8H8E33

Malware Config

Extracted

Family

strrat

C2

str01.3utilities.com:8888

127.0.0.1:8888

Attributes
  • license_id

    3H9W-V5UN-LQSP-Z89I-41OC

  • plugins_url

    http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5

  • scheduled_task

    true

  • secondary_startup

    true

  • startup

    true
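The extracted config above is the most actionable part of this report, but it needs a little processing before it is usable: the C2 list mixes a routable hostname with a loopback entry, and the plugins_url carries query parameters that should be separated from the host you would hunt for. The following Python is an added example (not part of the sandbox report or of the STRRAT tooling) that parses the report's flat key/value layout into a dict, filters the C2 list down to network indicators worth blocking, and splits the plugins URL. The config text is copied verbatim from the section above; the function names `parse_config`, `network_iocs` and `plugins_endpoint` are this example's own. The hwid/lid/ht values are taken as they appear in the config; whether the implant substitutes them at runtime is not something the report states.

```python
"""Turn the extracted STRRAT config into hunting IOCs (added example)."""
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Copied from the "Malware Config" section of the report above.
CONFIG_TEXT = """\
Family
strrat
C2
str01.3utilities.com:8888
127.0.0.1:8888
Attributes
license_id
3H9W-V5UN-LQSP-Z89I-41OC
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true
"""

HOST_PORT = re.compile(r"^(?P<host>[A-Za-z0-9.\-]+):(?P<port>\d{1,5})$")


def parse_config(text: str) -> dict:
    """Parse the report's one-token-per-line layout into a dict.

    'Family' is a single key/value pair, 'C2' is followed by any number of
    host:port lines, and everything under 'Attributes' is key/value pairs.
    """
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    cfg = {"c2": []}
    section = None
    i = 0
    while i < len(lines):
        tok = lines[i]
        if tok == "C2":
            section = "c2"
        elif tok == "Attributes":
            section = "attrs"
        elif section == "c2" and HOST_PORT.match(tok):
            cfg["c2"].append(tok)
        elif section in (None, "attrs") and i + 1 < len(lines):
            # key on this line, value on the next one
            cfg[tok.lower()] = lines[i + 1]
            i += 1
        i += 1
    return cfg


def network_iocs(cfg: dict) -> list:
    """Return the C2 endpoints worth blocking or hunting for.

    Loopback, private and unspecified addresses are dropped: 127.0.0.1:8888
    in this sample is not a network indicator, it only confirms the port the
    implant expects to talk to.
    """
    out = []
    for entry in cfg["c2"]:
        m = HOST_PORT.match(entry)
        host, port = m["host"], int(m["port"])
        try:
            addr = ipaddress.ip_address(host)
            if addr.is_loopback or addr.is_private or addr.is_unspecified:
                continue
            kind = "ip"
        except ValueError:
            kind = "domain"
        out.append({"host": host, "port": port, "type": kind})
    return out


def plugins_endpoint(cfg: dict) -> dict:
    """Split plugins_url into the host to hunt for, the path, and its query keys."""
    u = urlsplit(cfg["plugins_url"])
    return {
        "host": u.hostname,
        "path": u.path,
        "params": {k: v[0] for k, v in parse_qs(u.query).items()},
    }


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    print("family:", cfg["family"], "license_id:", cfg["license_id"])
    for ioc in network_iocs(cfg):
        print("block/hunt:", ioc)
    print("plugins endpoint:", plugins_endpoint(cfg))
```

Feed `network_iocs` output into DNS and proxy hunting (hostname and port), and treat the `plugins_endpoint` host separately from the C2 list, since the report lists it as a plugin download location rather than a beacon target.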

Targets

    • Target

      AP Remittance - L - Ref S158578-4_PDF.jar

    • Size

      68KB

    • MD5

      052f8ca40a7bc61719d275dcbda72790

    • SHA1

      a3b43585f2ec3c8ff580f3b810a1fb92a05ec249

    • SHA256

      ccaa1364264bf43edefa2f9e1439fa02f5a667fd0f724f620c43842a8e365123

    • SHA512

      f7497e0dd59424f35948c132895589cd2359ffdcc996cbb2495233431ea672ff13984ca7dc32022e0ab36c2395d8714191b47f4dae41eaafcdf9ed95c44427b1

    • SSDEEP

      1536:iYJBqZs+9H1SDQjGETHlE+hy9b12/aJV14sk1NthMfI6hzRENWJ5q:imcs21osGETHlHhy9b18aJVCseNTmxhs

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
