General
Target: c9df6c469bcd94d60183c41adff16ddd_JaffaCakes118
Size: 223KB
Sample: 240829-3w6jtsxekf
MD5: c9df6c469bcd94d60183c41adff16ddd
SHA1: 6c1201a53e192812bb63e8974761a02e64537d91
SHA256: a71158386084e07d7574608d7870ae363e5b06111ba3ec101b5756ee3b400dd7
SHA512: 86f960c239e450e62d51ef0b5a38de8b445cdbee31400cae6a1e0e9f1c7d4e61688c04b02a9269094456669a30c6dc99bcc4c7351e47f1985e46e5ec77fcf17e
SSDEEP: 3072:D/D2042XwKm0XprAhxrmzKUKO80NKeboE/71BoMuJkrNuLD7mAUA:LD204WBXF7zeO88hs67PoJ4uSAUA
Static task: static1
Behavioral task: behavioral1
  Sample: c9df6c469bcd94d60183c41adff16ddd_JaffaCakes118.vbs
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: c9df6c469bcd94d60183c41adff16ddd_JaffaCakes118.vbs
  Resource: win10v2004-20240802-en
Malware Config
Extracted family: strrat
C2: deaphnote.ddns.net:47580
C2: 127.0.0.1:7888 (loopback; not a usable network indicator)
license_id: RUGR-ATSN-D14P-VBXX-49LW
plugins_url: http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task: false
secondary_startup: true
startup: true
Targets
Target: c9df6c469bcd94d60183c41adff16ddd_JaffaCakes118 (223KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to General above)
Score: 10/10
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2 (the C2 is reached through a dynamic-DNS hostname, deaphnote.ddns.net)
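As an added example (not part of the report, and not Triage's signature engine or the sample's own code): a small Python matcher that turns the extracted config and the behaviour signatures above into detection logic over Sysmon-style events. The hashes and network indicators are the ones listed on this page; the registry paths used for the country-code check, the process names and the event trace are assumptions constructed for the demo.

```python
"""Behaviour and IOC matcher for the STRRAT report above.

Added example, not Triage's signature engine or the sample's own code.
It takes Sysmon-style events (constructed below) and reports which of the
behaviours listed in the report they reproduce, plus whether a blob is this sample.
"""
import hashlib
import re
from dataclasses import dataclass

# Hashes and network indicators copied from the report.
SAMPLE_SHA256 = "a71158386084e07d7574608d7870ae363e5b06111ba3ec101b5756ee3b400dd7"
C2_ENDPOINTS = {("deaphnote.ddns.net", 47580)}
PLUGIN_HOST = "jbfrost.live"
# 127.0.0.1:7888 is also in the config but is loopback, so it is not a usable
# network indicator and is deliberately not matched.

# Assumed registry paths for the "country code" read: the report only says the
# sample looks the code up in the registry, so these locations are an assumption.
GEO_KEY_RE = re.compile(r"\\control panel\\international\\(geo\\nation|locale)$", re.I)
RUN_KEY_RE = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run\\", re.I)
STARTUP_DIR_RE = re.compile(r"\\start menu\\programs\\startup\\", re.I)


@dataclass(frozen=True)
class Event:
    kind: str    # RegistryRead | RegistryWrite | FileCreate | ImageLoad | NetworkConnect
    pid: int
    image: str   # process image name
    target: str  # registry path, file path, or "host:port"


def is_this_sample(blob: bytes) -> bool:
    """True if blob is the file this report describes (by SHA256)."""
    return hashlib.sha256(blob).hexdigest() == SAMPLE_SHA256


def classify(events):
    """Map report signature names to the events that triggered them.

    'Loads dropped DLL' is a two-event correlation: a path written by a
    FileCreate earlier in the trace that a later ImageLoad maps as a .dll.
    """
    hits: dict[str, list[Event]] = {}
    dropped: set[str] = set()

    def hit(name: str, ev: Event) -> None:
        hits.setdefault(name, []).append(ev)

    for ev in events:
        t = ev.target
        if ev.kind == "RegistryRead" and GEO_KEY_RE.search(t):
            hit("Checks computer location settings", ev)
        elif ev.kind == "RegistryWrite" and RUN_KEY_RE.search(t):
            hit("Adds Run key to start application", ev)
        elif ev.kind == "FileCreate":
            dropped.add(t.lower())
            if STARTUP_DIR_RE.search(t):
                hit("Drops startup file", ev)
        elif ev.kind == "ImageLoad":
            if t.lower() in dropped and t.lower().endswith(".dll"):
                hit("Loads dropped DLL", ev)
        elif ev.kind == "NetworkConnect":
            host, _, port = t.rpartition(":")
            if host == PLUGIN_HOST or (port.isdigit() and (host, int(port)) in C2_ENDPOINTS):
                hit("Contacts configured C2 / plugins host", ev)
    return hits


# Constructed trace for demonstration; not events from the sandbox run.
SAMPLE_TRACE = [
    Event("RegistryRead", 1234, "wscript.exe", r"HKCU\Control Panel\International\Geo\Nation"),
    Event("FileCreate", 1234, "wscript.exe", r"C:\Users\u\AppData\Roaming\loader.dll"),
    Event("ImageLoad", 1234, "wscript.exe", r"C:\Users\u\AppData\Roaming\loader.dll"),
    Event("FileCreate", 1234, "wscript.exe",
          r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.vbs"),
    Event("RegistryWrite", 1234, "wscript.exe",
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\update"),
    Event("NetworkConnect", 4321, "javaw.exe", "deaphnote.ddns.net:47580"),
    Event("ImageLoad", 2222, "explorer.exe", r"C:\Windows\System32\shell32.dll"),  # benign
    Event("NetworkConnect", 2222, "explorer.exe", "127.0.0.1:7888"),               # ignored
]

if __name__ == "__main__":
    for name, evs in classify(SAMPLE_TRACE).items():
        print(f"{name}: {len(evs)} event(s), first pid {evs[0].pid} ({evs[0].image})")
```

The DLL rule only fires for a path the trace itself saw being written, which is what separates "loads dropped DLL" from ordinary system DLL loads; the loopback C2 entry is skipped on purpose so it cannot produce noise in a real feed.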