General

  • Target: 34a5fded010cded1de9c6f1336396131_JaffaCakes118
  • Size: 136KB
  • Sample: 241011-n17v5a1bjd
  • MD5: 34a5fded010cded1de9c6f1336396131
  • SHA1: 3e5f4209383e33881b44caf5ba6646dd4c7b0b1d
  • SHA256: e91d0d0170c7682404fb2a6c156789cf2c6cb7a3f98369b22f0b461ec5fa84f4
  • SHA512: bcf07ab182d91c0a79cf10a9bac29cde0e467081de317d97ae16b8bf13c513072d3b0c57134f3595dc95358f8ca6313dbbefdd934ea77853ad4b7484896d8217
  • SSDEEP: 3072:0cj0VqIigNhstMizfhFY2TMjbRvukBGeYXxxN9c3B4kvBwqVZ:0cQC7zf+RxG9XTNA42BpZ

Malware Config

Extracted

Family: strrat

C2: 79.134.225.26:7888

Attributes
  • license_id: 3CJV-H140-XWVJ-P21B-U6QX
  • plugins_url: http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
  • scheduled_task: true
  • secondary_startup: true
  • startup: true

Targets

    • Target: doc20210812876462_PDF.jar
    • Size: 94KB
    • MD5: 9f431f7105d073752fd396105dc898ef
    • SHA1: 62058bd9d3683d7a6983d36722fede080b87c3d3
    • SHA256: 32cbcd636b3295b79872dc883f84bd3c5f378f9e2bd64a73148e8a3d5d6d58f9
    • SHA512: 26df1f20d773c009df88e440a484dd5feafc8f3ef46ddf90fcd465eb1c4b44bff112a44c2f79b9168aa64564bfd7a48ec14d110384e3d5d3944b9ada1460aee0
    • SSDEEP: 1536:Ex4jk2LwtGGBCRLwZ0MQ6i98iZGmAT5hSXx93uf3gdTsypX7GufP16wzInBvOwv:VjLwtGLi0MQ6iS8ATo9efwfplP11zC
    • STRRAT: STRRAT is a remote access tool that can steal credentials and log keystrokes.
    • Drops startup file
    • Loads dropped DLL
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15