General
Target: cab.zip
Size: 434KB
Sample: 240718-h1wvza1fla
MD5: 30c8b48d54bfd3be087163d2d4ec3bae
SHA1: ecce21783534bce09a3d0c7f9eb573091dbb9a76
SHA256: bee58c6ca7604c6947eae5d73e39e8573473beba276c27efc6cff6ece65e0c86
SHA512: b75a806fa083593ef87e5a31c18c774dce674907d0acf1c0fdda6b8531d3242710329d5a4c313a1cf6adb935c49d8f67af8c86f7b483638f61abe241dd5119d4
SSDEEP: 12288:av6dS0umjKRrv6D72vEj1RTixOiqU+SQn:av6dS0umjGq72IRTixOiqUzQn

Static task: static1
Behavioral task: behavioral1
Sample: parcel_label_photo.vhdx
Resource: win10-20240611-en

Malware Config
Extracted: strrat
lozado.duia.ro:9553
pingyoung.duckdns.org:9553
license_id: MB4Q-SLG2-7HDN-EM52-K3JL
plugins_url: http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task: false
secondary_startup: true
startup: false

Targets
Target: parcel_label_photo.vhdx
Size: 36.0MB
MD5: 48806b8dd97db25041bc3678a095dba4
SHA1: 9c1a36fd5ca76390d4a102e1f5e85977d9d22b8c
SHA256: 6d59388482835a122b9522752ef1c61b249ed12909258fab0aa10de69f3bf26d
SHA512: 0fd66a64e816eb9ac19d9991e60e6189317fac04f00707dca6531074a48b1bfc5cfcfc76a65f2961a6ec87ee0f30a450443a94eecc3f9e8417cca95dfc8cc359
SSDEEP: 6144:9rZn7y/EGuH/cpiysa2yuGncYM5YAImUaBe1Y0Pgne8cq1Gt8PbdC:1UDuH/c8ysCuGnNmUaBe1Nm1Y
Score: 10/10

Signatures
Drops startup file
Loads dropped DLL
Modifies file permissions
Adds Run key to start application
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.