General
-
Target
213005ac3eed9e5dfa0b00b24cf04cb9ca484b940799c47b095834681e23b807.jar
-
Size
177KB
-
MD5
9c7eaf398d41438251ea4b2c695eb250
-
SHA1
f7e64b03c8569ab52c2266d7843f2766563196c1
-
SHA256
213005ac3eed9e5dfa0b00b24cf04cb9ca484b940799c47b095834681e23b807
-
SHA512
58ee596609eed64712a87be054f7fbcd4f27ce6c81cfcb3e9792002ab40cc346646bbd8556c4d18a64efaa5e1bd8e507613a6ab78bfdd1afedccb81335957704
-
SSDEEP
3072:rvQfkUNnW5ecEO2VfscDg6HHU6XOzqQBznk7VPyXVd7gVPQj1Ab9:bXUNl/ecDgmHtkzk7Vqld7eZ
Score
10/10
Malware Config
Extracted
Family
strrat
C2
185.222.58.38:8088
Attributes
-
license_id
W8SW-IRVO-U5T5-X2TN-XZ0D
-
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
-
scheduled_task
true
-
secondary_startup
true
-
startup
true
Signatures
-
Detects PowerShell content designed to retrieve passwords from host 1 IoCs
-
Strrat family
Files
-
213005ac3eed9e5dfa0b00b24cf04cb9ca484b940799c47b095834681e23b807.jar