General
-
Target
parcellabelphoto.jar
-
Size
269KB
-
Sample
240724-y145cavclp
-
MD5
cb84539068e070deefef09bbf433a193
-
SHA1
23ee768905fbc929a0fbff00aa1c2e293d05294f
-
SHA256
67a577db60b011be196c1ac971a8e68c3cfa49df9e16319b4480c81011e23ff5
-
SHA512
ecb5f1b90c7207d9a0998cc926fa5dd0fca325a60b99a9fbd559cb1a1612c03eeba82f59d5d3812146119119e11fe445819fe944b05558ec7ce44742313a526a
-
SSDEEP
3072:cNvS+em7Nj84b3nTKEUeLQ42Dl+nGJ80TzwXJ10VbO4fI0uDVPjXagPn4ni:cl9em7N84/8dDgne88m1H8I0IDaM
Malware Config
Extracted
strrat
lozado.duia.ro:9553
pingyoung.duckdns.org:7744
-
license_id
MB4Q-SLG2-7HDN-EM52-K3JL
-
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
-
scheduled_task
false
-
secondary_startup
true
-
startup
false
Targets
-
-
Target
parcellabelphoto.jar
-
Size
269KB
-
MD5
cb84539068e070deefef09bbf433a193
-
SHA1
23ee768905fbc929a0fbff00aa1c2e293d05294f
-
SHA256
67a577db60b011be196c1ac971a8e68c3cfa49df9e16319b4480c81011e23ff5
-
SHA512
ecb5f1b90c7207d9a0998cc926fa5dd0fca325a60b99a9fbd559cb1a1612c03eeba82f59d5d3812146119119e11fe445819fe944b05558ec7ce44742313a526a
-
SSDEEP
3072:cNvS+em7Nj84b3nTKEUeLQ42Dl+nGJ80TzwXJ10VbO4fI0uDVPjXagPn4ni:cl9em7N84/8dDgne88m1H8I0IDaM
Score10/10-
STRRAT
STRRAT is a remote access tool than can steal credentials and log keystrokes.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-