General

  • Target

    b6211e0aea888d1d1502812dc2a6e26c.bin

  • Size

    202KB

  • MD5

    7ce1c24bf5c13b953619a9f2f96f3065

  • SHA1

    f3fc2fcd7470d912c808c1812c3cef43f909d391

  • SHA256

    18c9eb77a8395a0f4c8c5d1ffefd3155e142fabb4b7516678e56f56704bd257e

  • SHA512

    8fcf43e8a8a9eb09a0c9533b5c7dd8cf0d329f2b9a64427a333b219be90a979a7b9cbc3089734b2f034249eec007cc042b7d2e62e3b10c66798c5d34b146807e

  • SSDEEP

    3072:6V6pHmVs3KdpC1BWd3whnXZNhlA8sYUtT8IEeOxdtiVzfr7VvytZO+skWCjmKxb9:L2tC1AdghnXLhroE3toD7VTkW+mKj

Score
10/10

Malware Config

Extracted

Family

strrat

C2

tzitziklishop3.ddns.net:7800

103.114.104.158:7800

Attributes
  • license_id

    DB1U-CVGT-7HUG-X0A0-GNWH

  • plugins_url

    http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5

  • scheduled_task

    true

  • secondary_startup

    true

  • startup

    true

Signatures

Files

  • b6211e0aea888d1d1502812dc2a6e26c.bin
    .zip

    Password: infected

  • 79098273db492173009ed9fdd408224f010bb6222a09f4f93fcc6de5bf324acc.jar
    .jar