General
-
Target
62271ce84033d4463bd6f753675466f45ccc6c3a063c78c2c5b0346c23d3c470.zip
-
Size
275KB
-
Sample
240712-z3wressgld
-
MD5
3c39f5d219ff8006dbab0ce247bf7232
-
SHA1
39d19e5df70bdaa97afdf80c0ac8cbec2bb9625f
-
SHA256
62271ce84033d4463bd6f753675466f45ccc6c3a063c78c2c5b0346c23d3c470
-
SHA512
5ca723aa2ee65799180897bd263d9403aec2890e0f4d8d453b4be555f88e4223915e454e991e3d3d98b1b7f4fa388bbe947193249b2e78c2e90db38455d8ce74
-
SSDEEP
6144:DYoXFR4xZ+WStJ112liBt9+CNyELmhzPlZCiu4nVB:DvDikmlG+CM1TlZC+VB
Malware Config
Extracted
strrat
185.222.58.80:7688
127.0.0.1:0
-
license_id
6XKE-02Q8-MHKN-IOHS-FMRJ
-
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
-
scheduled_task
true
-
secondary_startup
true
-
startup
true
Targets
-
-
Target
62271ce84033d4463bd6f753675466f45ccc6c3a063c78c2c5b0346c23d3c470.zip
-
Size
275KB
-
MD5
3c39f5d219ff8006dbab0ce247bf7232
-
SHA1
39d19e5df70bdaa97afdf80c0ac8cbec2bb9625f
-
SHA256
62271ce84033d4463bd6f753675466f45ccc6c3a063c78c2c5b0346c23d3c470
-
SHA512
5ca723aa2ee65799180897bd263d9403aec2890e0f4d8d453b4be555f88e4223915e454e991e3d3d98b1b7f4fa388bbe947193249b2e78c2e90db38455d8ce74
-
SSDEEP
6144:DYoXFR4xZ+WStJ112liBt9+CNyELmhzPlZCiu4nVB:DvDikmlG+CM1TlZC+VB
Score10/10-
STRRAT
STRRAT is a remote access tool than can steal credentials and log keystrokes.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1