General
Target: 34a5fded010cded1de9c6f1336396131_JaffaCakes118
Size: 136KB
Sample: 241011-n17v5a1bjd
MD5: 34a5fded010cded1de9c6f1336396131
SHA1: 3e5f4209383e33881b44caf5ba6646dd4c7b0b1d
SHA256: e91d0d0170c7682404fb2a6c156789cf2c6cb7a3f98369b22f0b461ec5fa84f4
SHA512: bcf07ab182d91c0a79cf10a9bac29cde0e467081de317d97ae16b8bf13c513072d3b0c57134f3595dc95358f8ca6313dbbefdd934ea77853ad4b7484896d8217
SSDEEP: 3072:0cj0VqIigNhstMizfhFY2TMjbRvukBGeYXxxN9c3B4kvBwqVZ:0cQC7zf+RxG9XTNA42BpZ
Behavioral task: behavioral1
Sample: doc20210812876462_PDF.jar
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: doc20210812876462_PDF.jar
Resource: win10v2004-20241007-en
Malware Config
Extracted
strrat
79.134.225.26:7888
license_id: 3CJV-H140-XWVJ-P21B-U6QX
plugins_url: http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task: true
secondary_startup: true
startup: true
Targets
Target: doc20210812876462_PDF.jar
Size: 94KB
MD5: 9f431f7105d073752fd396105dc898ef
SHA1: 62058bd9d3683d7a6983d36722fede080b87c3d3
SHA256: 32cbcd636b3295b79872dc883f84bd3c5f378f9e2bd64a73148e8a3d5d6d58f9
SHA512: 26df1f20d773c009df88e440a484dd5feafc8f3ef46ddf90fcd465eb1c4b44bff112a44c2f79b9168aa64564bfd7a48ec14d110384e3d5d3944b9ada1460aee0
SSDEEP: 1536:Ex4jk2LwtGGBCRLwZ0MQ6i98iZGmAT5hSXx93uf3gdTsypX7GufP16wzInBvOwv:VjLwtGLi0MQ6iS8ATo9efwfplP11zC
Score: 10/10
Drops startup file
Loads dropped DLL
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Scheduled Task (1)