General

  • Target

    3333050c3c251d6d86514742a16005e4.bin

  • Size

    202KB

  • MD5

    1f684bd47ddeec038ad488755b12e058

  • SHA1

    be330d9942b18166e3615aca5a103390fb35a766

  • SHA256

    36bf584a3c3ece520fb889a475ca4e2976925e70f5d240b2020ea7f882839fb8

  • SHA512

    f7949bf08ec97f119fcb9efa5e858c29081d80cc29d1602416b78007eff0e879ae7b817b3f8c85b96fc055766c6e72f6b945fc32a35dd4146aed98bb6a0ef2d0

  • SSDEEP

    3072:TJB1VgW1KIJXr4ItnUqkBrrWOiH933EVd1K5IcWzjpbhErWbsXOnTiXGp0:TlyW1KANtU/S93Ads5gzjDkW4EiXGp0

Score
10/10

Malware Config

Extracted

Family

strrat

C2

tzitziklishop3.ddns.net:7800

103.114.104.158:7800

Attributes
  • license_id

    DB1U-CVGT-7HUG-X0A0-GNWH

  • plugins_url

    http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5

  • scheduled_task

    true

  • secondary_startup

    true

  • startup

    true

Signatures

Files

  • 3333050c3c251d6d86514742a16005e4.bin
    .zip

    Password: infected

  • 67e00d139b6348ec53d26f3cdcc3e958fe76a35ea933199a615e210667a5ade7.jar
    .jar