General

  • Target: c00501fc6a943e9212f1d0fd93235daa.bin
  • Size: 83KB
  • Sample: 241022-b6zeqa1hlj
  • MD5: 1fb73cc73c5ff5fac405e132cb7cfe8b
  • SHA1: aa6d2f0d17e7a89a9833c190facd4d2f6800c2ca
  • SHA256: 8e16501f537f89644518cd23b4d1b3ca8c78419d82745f35c2914da0a6dc8128
  • SHA512: f89505dd73313c96faa43603a866aed624bd8072815e33b4594d635d6275a543eafabbdfc57b36839212629bbfe823125e988bdc4ea8ec8500eec671412ae453
  • SSDEEP: 1536:gfAE7SloWVZ6m5eolFdZR4Ewe7xjIPQOQDwuwOvmGk6jT925qCB6r:qgZ6mUIdsE9xjI4lDdwjEnIoCBg

Malware Config

Extracted

  • Family: strrat
  • C2: 194.5.98.243:7123, 194.5.98.243:7234

Attributes

  • license_id: FREF-6ILG-J2DN-PT5K-AYC2
  • plugins_url: http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
  • scheduled_task: true
  • secondary_startup: true
  • startup: true

Targets

    • Target: fa454076cf36fe6868d54215ebb345cd9d6c8423fa9bd9f0bd56df9074915215.zip
    • Size: 88KB
    • MD5: c00501fc6a943e9212f1d0fd93235daa
    • SHA1: 8ce6b95d7fac24cbb66ab2432dd9d90668c485a9
    • SHA256: fa454076cf36fe6868d54215ebb345cd9d6c8423fa9bd9f0bd56df9074915215
    • SHA512: d98364f960cf22f2766404c6311487eb73ecc59ab610dde8549462c93a00b69245b035ec5061ff180eb001ed582c2fae385444a0a787eee3471d9c07beaa3a28
    • SSDEEP: 1536:gQBto+OSHJ9jIAhS77WX/boWVFXUIuAUt8mMUsluRtuO8jNKg3v:gkv3VPXJuAUK8BuO8jN9

    • STRRAT: STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks