General
-
Target
b1b3403d8ae2871c50f7a5cdb7f9d83634a83c23072468fe71d0538c912bbad8.jar
-
Size
172KB
-
MD5
fb8a3018ade8d911f0c205d832c3279d
-
SHA1
16e480ffe0238e85318ad5ddd370ce55f296dd2d
-
SHA256
b1b3403d8ae2871c50f7a5cdb7f9d83634a83c23072468fe71d0538c912bbad8
-
SHA512
2a25900dc96f50e04ccd9a1dfc4dc202b7ae8dfa63c099058cd9f237aaddde2a669b9ba4e7f822f71b7b01027cc4923703760ed7c4ea168b2fe9462b475833cd
-
SSDEEP
3072:JwtgWCeR01ZvdgOpw8CNc45gOI5IM7hSIhesNMqeD9mcvyJGJ5fjjh1:qtgWkppuc4Fy7UIhes2548fv/
Score
10/10
Malware Config
Extracted
Family
strrat
C2
193.25.214.192:8238
Attributes
-
license_id
BTK7-0GGP-XV7B-WYAO-3UER
-
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
-
scheduled_task
true
-
secondary_startup
true
-
startup
true
Signatures
-
Detects PowerShell content designed to retrieve passwords from host 1 IoCs
-
Strrat family
Files
-
b1b3403d8ae2871c50f7a5cdb7f9d83634a83c23072468fe71d0538c912bbad8.jar