General
-
Target
03e4c903cc2cbe8854e6af1bd5e741d88da5c35732c7b051215ecf9d6be10c10.jar
-
Size
209KB
-
Sample
240306-ce5cbshb98
-
MD5
a525cd786d7fee35ba4a2a0f2ea4ed13
-
SHA1
55134d1b471873fc23f218116fed9def4e600a14
-
SHA256
03e4c903cc2cbe8854e6af1bd5e741d88da5c35732c7b051215ecf9d6be10c10
-
SHA512
1d8a76e0642f92f011ce4b3560084095768be7108d44c3751d1301ed821669d81908fa3d3b2169aca459abf52be4858bbb2895cd76f08bc242f458552fb9d429
-
SSDEEP
6144:kEq8dJWHf/lT5xqQzyjRhcV7FaVjuFPIVmyKH:kEjdo37EQ8q7FaVeYKH
Malware Config
Extracted
strrat
jugoken567.ddns.net:7800
103.151.123.225:7800
-
license_id
DB1U-CVGT-7HUG-X0A0-GNWH
-
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
-
scheduled_task
true
-
secondary_startup
true
-
startup
true
Targets
-
-
Target
03e4c903cc2cbe8854e6af1bd5e741d88da5c35732c7b051215ecf9d6be10c10.jar
-
Size
209KB
-
MD5
a525cd786d7fee35ba4a2a0f2ea4ed13
-
SHA1
55134d1b471873fc23f218116fed9def4e600a14
-
SHA256
03e4c903cc2cbe8854e6af1bd5e741d88da5c35732c7b051215ecf9d6be10c10
-
SHA512
1d8a76e0642f92f011ce4b3560084095768be7108d44c3751d1301ed821669d81908fa3d3b2169aca459abf52be4858bbb2895cd76f08bc242f458552fb9d429
-
SSDEEP
6144:kEq8dJWHf/lT5xqQzyjRhcV7FaVjuFPIVmyKH:kEjdo37EQ8q7FaVeYKH
Score10/10-
STRRAT
STRRAT is a remote access tool than can steal credentials and log keystrokes.
-
Drops startup file
-
Modifies file permissions
-
Adds Run key to start application
-