General
-
Target
97c286c75e026d80a7dbdd4ec83e6790f1f7870cc55ed3a6ba1ac6930038c317.jar
-
Size
269KB
-
Sample
240727-b4zbyayfkr
-
MD5
02838f5d8a7b250b4a402bab33dff28a
-
SHA1
85cc4280d888efe5d747330fe2423eaa41571060
-
SHA256
97c286c75e026d80a7dbdd4ec83e6790f1f7870cc55ed3a6ba1ac6930038c317
-
SHA512
fe2fc39fbe7ca50b78999222c7eac02113bac5a3ef03a266a761d5108a7d7acc730af8ac9e3d3f11b6e0e4b463820e60dbd4cf721ea97cdedb177a031b41b336
-
SSDEEP
3072:oNSF+wmsDOpmb3npKWUILc4f/l+nGJ82J4w8J16AbOOgMvux1ejZqgPnBB:o4gwmsqpmVgc/4ne80y1elMvjlqu
Behavioral task
behavioral1
Sample
97c286c75e026d80a7dbdd4ec83e6790f1f7870cc55ed3a6ba1ac6930038c317.jar
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
97c286c75e026d80a7dbdd4ec83e6790f1f7870cc55ed3a6ba1ac6930038c317.jar
Resource
win10v2004-20240709-en
Malware Config
Extracted
strrat
lozado.duia.ro:9553
pingyoung.duckdns.org:7744
-
license_id
MB4Q-SLG2-7HDN-EM52-K3JL
-
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
-
scheduled_task
false
-
secondary_startup
true
-
startup
false
Targets
-
-
Target
97c286c75e026d80a7dbdd4ec83e6790f1f7870cc55ed3a6ba1ac6930038c317.jar
Score
10/10
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-