General
Target: Prosba-o-oferte.jar
Size: 41KB
Sample: 240305-jxvzyaba65
MD5: b225f83a537673f3053e63db84a30662
SHA1: 55ea9f056d46bdd03a78df3e885565ec845a31c1
SHA256: 7c79a4eed33e40230de0b79cef9fc5425916aea40ae610b234720f609f50b764
SHA512: f5453270287724b2b2e576feb9745c35dfb3069029b0d28a69e9415e6b40f55bf7e91cff0f42217c6024d7d0e8e8d20dc47cfa9d08c4182a2406c13378aef523
SSDEEP: 768:3/AKKv6LboyiFV9jKJ6K71Ifu+Lh+FP+6I3zY103e0NhyDEj:YJvIaV9LqCush+FPKs10ufDE
Behavioral tasks
behavioral1: Sample Prosba-o-oferte.jar, Resource win7-20240221-en
behavioral2: Sample Prosba-o-oferte.jar, Resource win10v2004-20240226-en
Malware Config
Extracted family: strrat
C2: elastsolek21.duckdns.org:4781
C2: zekeriyasolek45.duckdns.org:4781
license_id: WFC9-W4KB-388F-9KY1-S6JV
plugins_url: http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task: true
secondary_startup: true
startup: true
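The two C2 host:port pairs and the plugins URL above are the report's actionable network indicators. The following Python sweep is an added example, not part of the sandbox report: it builds a matcher from those values and runs it over a handful of constructed DNS and proxy log lines. The tab-separated DNS layout (timestamp, client, qname, qtype), the space-separated proxy layout (timestamp, client, method, url, status), and all client addresses and timestamps are assumptions for illustration; adapt the two parsers to your own log sources.

```python
"""IOC sweep built from the STRRAT config extracted in this report.

Added example; the log lines below are constructed, not captured traffic.
"""
from urllib.parse import urlparse

# Copied from the extracted config above.
C2_ENDPOINTS = {
    ("elastsolek21.duckdns.org", 4781),
    ("zekeriyasolek45.duckdns.org", 4781),
}
PLUGINS_URL = "http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5"

# Constructed sample logs (assumed layouts, see lead-in).
DNS_LOG = [
    "2024-03-05T09:12:01Z\t10.0.0.17\telastsolek21.duckdns.org\tA",
    "2024-03-05T09:12:02Z\t10.0.0.17\twww.example.com\tA",
    "2024-03-05T09:12:30Z\t10.0.0.23\tZEKERIYASOLEK45.duckdns.org.\tA",
    "2024-03-05T09:13:00Z\t10.0.0.42\tduckdns.org\tA",  # provider apex, not an IOC
]
PROXY_LOG = [
    "2024-03-05T09:12:05Z 10.0.0.17 GET http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5 200",
    "2024-03-05T09:12:06Z 10.0.0.17 CONNECT elastsolek21.duckdns.org:4781 200",
    "2024-03-05T09:12:07Z 10.0.0.17 GET http://www.example.com/ 200",
    "2024-03-05T09:12:08Z 10.0.0.23 CONNECT zekeriyasolek45.duckdns.org:443 200",
]


def ioc_domains():
    """Every hostname worth alerting on: the C2 names plus the plugins host."""
    return {host for host, _ in C2_ENDPOINTS} | {urlparse(PLUGINS_URL).hostname}


def _norm(name):
    """Lower-case and drop a trailing dot so FQDN forms compare equal."""
    return name.strip().lower().rstrip(".")


def is_ioc_domain(name):
    """Exact or subdomain match against the IOC set; never matches the bare DDNS apex."""
    name = _norm(name)
    return any(name == d or name.endswith("." + d) for d in ioc_domains())


def sweep_dns(lines):
    """Return (ts, client, qname) for each query to an IOC domain."""
    hits = []
    for line in lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) < 3:
            continue
        ts, client, qname = parts[0], parts[1], parts[2]
        if is_ioc_domain(qname):
            hits.append((ts, client, _norm(qname)))
    return hits


def sweep_proxy(lines):
    """Return (ts, client, url, reason) for IOC-domain URLs and raw CONNECTs.

    A CONNECT to a listed host:port pair is reported as 'c2 host:port';
    any other request whose host is an IOC domain is reported as 'ioc domain'.
    """
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue
        ts, client, method, url = parts[:4]
        if method == "CONNECT":
            host, _, port = url.rpartition(":")
            host = _norm(host)
            if port.isdigit() and (host, int(port)) in C2_ENDPOINTS:
                hits.append((ts, client, url, "c2 host:port"))
            elif is_ioc_domain(host):
                hits.append((ts, client, url, "ioc domain"))
            continue
        parsed = urlparse(url)
        if parsed.hostname and is_ioc_domain(parsed.hostname):
            hits.append((ts, client, url, "ioc domain"))
    return hits


if __name__ == "__main__":
    for hit in sweep_dns(DNS_LOG) + sweep_proxy(PROXY_LOG):
        print(hit)
```

Match on names rather than on resolved addresses: both C2 entries are duckdns.org dynamic-DNS names, so the IP behind them can change between your sweep and the sample's run. The provider apex (duckdns.org) is deliberately not treated as an indicator, and port 4781 alone is too weak to alert on without the host.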
Targets
Target: Prosba-o-oferte.jar
Size: 41KB
Hashes: MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above (single target, same file).
Score: 10/10
Signatures:
Drops startup file
Modifies file permissions
Adds Run key to start application
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)
Persistence
Boot or Logon Autostart Execution, T1547 (1): Registry Run Keys / Startup Folder, T1547.001 (1)
Scheduled Task/Job, T1053 (1)
Privilege Escalation
Boot or Logon Autostart Execution, T1547 (1): Registry Run Keys / Startup Folder, T1547.001 (1)
Scheduled Task/Job, T1053 (1)