General

  • Target

    cd0efb507debe4ce7d2e881ad977bb030dea0ee3bcf1d9d59552543a143bd60a.zip

  • Size

    184KB

  • MD5

    dfa44579b147040e76a595dc311315b8

  • SHA1

    79c5a2b7721186eb63be7def9a15a72708dd9d0c

  • SHA256

    cd0efb507debe4ce7d2e881ad977bb030dea0ee3bcf1d9d59552543a143bd60a

  • SHA512

    4247270ab200a388876332780986b8a42ddd879cc9a98c18a6501ec6b67d7ca353c69750bdbc6769c47defab1a747c8d77115d5180c2684d3fd5598f20350727

  • SSDEEP

    3072:qyzB3n0Ts+QithhXk9hhVaLntgBuy+RVgAhBvVGHWP8q6rcGKJxAl3Nd92E:qyzB3GQSXkDIgBrOR7w2kh5Sxqd9H

Score

10/10

Malware Config

Extracted

Family

strrat

C2

macostopacros.3utilities.com:3095

prtoacasedted.3utilities.com:4056

Attributes

  • license_id

    17SH-99EQ-GWIE-XC0R-AXNZ

  • plugins_url

    http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5

  • scheduled_task

    false

  • secondary_startup

    true

  • startup

    true

Signatures

Files

  • cd0efb507debe4ce7d2e881ad977bb030dea0ee3bcf1d9d59552543a143bd60a.zip (.zip)
  • Punjb_national_bnk_024_late_return_counta_Inward-clearin_jpg.jar (.jar)