General
Target: NCALayer-1.2.2-ADILETGOV.jar
Size: 4KB
Sample: 240730-p9jekathre
MD5: 1d60146ca0a7eed20312eb2750e5ce10
SHA1: 51b102215ba662c2b4c91df1403728d0894b1d2b
SHA256: 8deb8ee811cbb3c186183950491c5c38da704b304057cdeaaf81b91e4f6e8a7e
SHA512: c2e2445ed728a2429bfcc8fb710de9a640b74b49f4b60361c7d7e23d115c0405e69276caf34828960fc8c8513b9d93fe8a7b02ecf59e816c6e072adc9c444993
SSDEEP: 96:jp2KXysQ3U4dcJ4RN2cGWjklK1t/e0+U3n3XzuY3H8UAKQkH:jppCtQ4RGWjJb/F3H6giKD

Tasks
Static task: static1
Behavioral task: behavioral1
  Sample: NCALayer-1.2.2-ADILETGOV.jar
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: NCALayer-1.2.2-ADILETGOV.jar
  Resource: win10v2004-20240709-en

Malware Config
Extracted family: strrat
C2:
  https://pastebin.com/raw/67b8GSUQ:13777
  https://pastebin.com/raw/8umPhg86:13778
license_id: RPTV-2M8W-MG8W-F8QN-9ERV
plugins_url: http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task: true
secondary_startup: true
startup: true

Targets
Target: NCALayer-1.2.2-ADILETGOV.jar
Score: 10/10

Signatures
  Drops startup file
  Loads dropped DLL
  Adds Run key to start application
  Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)