General

  • Target

    parcellabelphoto.jar

  • Size

    269KB

  • Sample

    240724-y145cavclp

  • MD5

    cb84539068e070deefef09bbf433a193

  • SHA1

    23ee768905fbc929a0fbff00aa1c2e293d05294f

  • SHA256

    67a577db60b011be196c1ac971a8e68c3cfa49df9e16319b4480c81011e23ff5

  • SHA512

    ecb5f1b90c7207d9a0998cc926fa5dd0fca325a60b99a9fbd559cb1a1612c03eeba82f59d5d3812146119119e11fe445819fe944b05558ec7ce44742313a526a

  • SSDEEP

    3072:cNvS+em7Nj84b3nTKEUeLQ42Dl+nGJ80TzwXJ10VbO4fI0uDVPjXagPn4ni:cl9em7N84/8dDgne88m1H8I0IDaM

Malware Config

Extracted

Family

strrat

C2

lozado.duia.ro:9553

pingyoung.duckdns.org:7744

Attributes
  • license_id

    MB4Q-SLG2-7HDN-EM52-K3JL

  • plugins_url

    http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5

  • scheduled_task

    false

  • secondary_startup

    true

  • startup

    false

Targets

    • Target

      parcellabelphoto.jar

    • Size

      269KB

    • MD5

      cb84539068e070deefef09bbf433a193

    • SHA1

      23ee768905fbc929a0fbff00aa1c2e293d05294f

    • SHA256

      67a577db60b011be196c1ac971a8e68c3cfa49df9e16319b4480c81011e23ff5

    • SHA512

      ecb5f1b90c7207d9a0998cc926fa5dd0fca325a60b99a9fbd559cb1a1612c03eeba82f59d5d3812146119119e11fe445819fe944b05558ec7ce44742313a526a

    • SSDEEP

      3072:cNvS+em7Nj84b3nTKEUeLQ42Dl+nGJ80TzwXJ10VbO4fI0uDVPjXagPn4ni:cl9em7N84/8dDgne88m1H8I0IDaM

    • STRRAT

      STRRAT is a remote access tool than can steal credentials and log keystrokes.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks