General
Target: 7ea89d19a8441cc58b7255dc9fb205fa.bin
Size: 158KB
Sample: 240514-cxn33afd6s
MD5: b030f7513e21b1c207dbeeb3c669911e
SHA1: 180ea1a28c225a4387caf5ca0e113cda3a8c3328
SHA256: 8a88130d07daec3eb9f08d6f1bf00479e18b3f84783c64f76e84a9f5c7a823c8
SHA512: e135ae1581178d7b9519e0bb418af82b79154c68e308400c329c181ac0a1b1766960836ea1b286844a6fc383d37591c5fd3ae14c5a9abae3e93d55a9daad4ab4
SSDEEP: 3072:yLwTpev4RlxtUQfXumRvtZ7jHZLCavqeLx8mf41r/ybi6DKENjD7Z55r2:y0TpevVQfXNvz77Z2avqet87yDNjDb5K
Behavioral task: behavioral1
Sample: 486b68ef93d03c4e486b8ddd9e153391e7debc6839e0c09d38999dd159e30705.jar
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 486b68ef93d03c4e486b8ddd9e153391e7debc6839e0c09d38999dd159e30705.jar
Resource: win10v2004-20240426-en
Malware Config
Extracted
strrat
79.110.62.41:7205
127.0.0.1:7205
license_id: 0EHD-YGMT-QM81-RD7S-07I6
plugins_url: http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task: true
secondary_startup: true
startup: true
Targets
Target: 486b68ef93d03c4e486b8ddd9e153391e7debc6839e0c09d38999dd159e30705.zip
Size: 164KB
MD5: 7ea89d19a8441cc58b7255dc9fb205fa
SHA1: 2ae19607a8231bffd72353766f4017eb5492f3e8
SHA256: 486b68ef93d03c4e486b8ddd9e153391e7debc6839e0c09d38999dd159e30705
SHA512: 0a76f52939c305b2756fa486222210a4a8c40deff0fc753d11da899baaa84da2fed37ddbd333c6b1dc91ea07a2a1bffcaeb4db08dcbb3db97c925254e6bcbaf4
SSDEEP: 3072:AwmVMH6YMmfEEQ9c6T4u9T7rktkOsEB0zOM4rgxgFUO0x2BRQ5Jj:AzUfvBu9TUtkOsk0RmF8x2/yF
Score: 10/10
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.