General

  • Target

    fa454076cf36fe6868d54215ebb345cd9d6c8423fa9bd9f0bd56df9074915215.zip

  • Size

    88KB

  • Sample

    241021-cdrd3svdmn

  • MD5

    c00501fc6a943e9212f1d0fd93235daa

  • SHA1

    8ce6b95d7fac24cbb66ab2432dd9d90668c485a9

  • SHA256

    fa454076cf36fe6868d54215ebb345cd9d6c8423fa9bd9f0bd56df9074915215

  • SHA512

    d98364f960cf22f2766404c6311487eb73ecc59ab610dde8549462c93a00b69245b035ec5061ff180eb001ed582c2fae385444a0a787eee3471d9c07beaa3a28

  • SSDEEP

    1536:gQBto+OSHJ9jIAhS77WX/boWVFXUIuAUt8mMUsluRtuO8jNKg3v:gkv3VPXJuAUK8BuO8jN9

Malware Config

Extracted

Family

strrat

C2

194.5.98.243:7123

194.5.98.243:7234

Attributes
  • license_id

    FREF-6ILG-J2DN-PT5K-AYC2

  • plugins_url

    http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5

  • scheduled_task

    true

  • secondary_startup

    true

  • startup

    true

Targets

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application
