General
Target: 664decb40cadba3f82e79cb61a792090_JaffaCakes118
Size: 164KB
Sample: 240522-g5rldafa2z
MD5: 664decb40cadba3f82e79cb61a792090
SHA1: e7476bbfa1da2d71ea4f8fd708a2b6cd0747a45a
SHA256: dce27f812a9206abac1e11bb7e61cbd5d8fcd53aa96b332e24b4971c720c44a0
SHA512: f88beb760c709863fbccb4a0386de175989b420635977b45f40e1cb0bf19a4df57024b77913269c09c6775f670238bbae2b4808ab64a74f307193ce58f1456bc
SSDEEP: 3072:OdTtn4vIzxaGkNAkJ8Sqpc5VpCTHkEHBhB8DYT0z8MeB/:g9xhyAo8S38zoYTis
Static task: static1
Behavioral task: behavioral1
  Sample: 664decb40cadba3f82e79cb61a792090_JaffaCakes118.vbs
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 664decb40cadba3f82e79cb61a792090_JaffaCakes118.vbs
  Resource: win10v2004-20240508-en
Malware Config
Extracted: strrat
  deaphnote.ddns.net:47580
  127.0.0.1:7888
license_id: RUGR-ATSN-D14P-VBXX-49LW
plugins_url: http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task: false
secondary_startup: true
startup: true
Targets
Target: 664decb40cadba3f82e79cb61a792090_JaffaCakes118
Size: 164KB
MD5: 664decb40cadba3f82e79cb61a792090
SHA1: e7476bbfa1da2d71ea4f8fd708a2b6cd0747a45a
SHA256: dce27f812a9206abac1e11bb7e61cbd5d8fcd53aa96b332e24b4971c720c44a0
SHA512: f88beb760c709863fbccb4a0386de175989b420635977b45f40e1cb0bf19a4df57024b77913269c09c6775f670238bbae2b4808ab64a74f307193ce58f1456bc
SSDEEP: 3072:OdTtn4vIzxaGkNAkJ8Sqpc5VpCTHkEHBhB8DYT0z8MeB/:g9xhyAo8S38zoYTis
Score: 10/10
Signatures:
  Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
  Drops startup file
  Loads dropped DLL
  Modifies file permissions
  Adds Run key to start application
  Legitimate hosting services abused for malware hosting/C2