General
-
Target
3eafb74de2ee510948914c85bc60f01044bae17b12055e892c1711abc20fd64b
-
Size
203KB
-
Sample
240706-szpelsshmm
-
MD5
b6ca4213e6f097b3537f732a4ffd195f
-
SHA1
59539ba574ca3ad901331cfaef98977d68fc3ee0
-
SHA256
3eafb74de2ee510948914c85bc60f01044bae17b12055e892c1711abc20fd64b
-
SHA512
ee17012dcfd98829e4a5fae7b11c7265a16ccdb3a0682968fd115b57fef10123ff9174119fbed70c2d1cd3d63eb8437ddc3f289da3652bdf1f8aac96cde5b0e1
-
SSDEEP
3072:xxXgSiFF4/9Gc/GJrulpnKtQ3aeb01TdD9KQ0rSK2WF52G8a:xhgSiFFc/4Cl4qp01Tx9+SrG8a
Malware Config
Extracted
strrat
dollarman101.hopto.org:6060
-
license_id
ZTT1-7ZAL-XCZM-48JG-C0LB
-
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
-
scheduled_task
true
-
secondary_startup
true
-
startup
true
Targets
-
-
Target
3eafb74de2ee510948914c85bc60f01044bae17b12055e892c1711abc20fd64b
-
Size
203KB
-
MD5
b6ca4213e6f097b3537f732a4ffd195f
-
SHA1
59539ba574ca3ad901331cfaef98977d68fc3ee0
-
SHA256
3eafb74de2ee510948914c85bc60f01044bae17b12055e892c1711abc20fd64b
-
SHA512
ee17012dcfd98829e4a5fae7b11c7265a16ccdb3a0682968fd115b57fef10123ff9174119fbed70c2d1cd3d63eb8437ddc3f289da3652bdf1f8aac96cde5b0e1
-
SSDEEP
3072:xxXgSiFF4/9Gc/GJrulpnKtQ3aeb01TdD9KQ0rSK2WF52G8a:xhgSiFFc/4Cl4qp01Tx9+SrG8a
Score10/10-
STRRAT
STRRAT is a remote access tool than can steal credentials and log keystrokes.
-
Drops startup file
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1