General

  • Target

    PAYMENT-9262023.js

  • Size

    293KB

  • Sample

    230926-mprt4age4t

  • MD5

    f3b567669e8b937dc08bc81a2f7bf6ac

  • SHA1

    383cc6008c5c78178e8e18611a7f4d4dea28d7f4

  • SHA256

    24d1e734345b0206fd0c673cb5a98f876cf4392c79c5f5dc5237b61ca37afb7c

  • SHA512

    6eb2ce7251af2a45a9b5c24e4e3674407a3648e56418c68c34476aed0d4a6cecf50bfe2584db7806e9030896708a66a4338dac8a1b50e8529a661bb724e5fc6a

  • SSDEEP

    6144:R4xBc0zl1+gb1S04ipaJftEXWJcNjVe/510D4cgNO:ReBzCgbrPm6W+NVu10ccgY

Score
10/10

Malware Config

Extracted

Family

strrat

C2

96.47.233.13:8454

Attributes
  • license_id

    7C80-HMCX-T9VH-K5QU-BQT2

  • plugins_url

    http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5

  • scheduled_task

    true

  • secondary_startup

    true

  • startup

    true

Targets

    • Target

      PAYMENT-9262023.js

    Score
    10/10
    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.
