General

  • Target

    BestellungEB0072813.jar

  • Size

    264KB

  • Sample

    241124-s2yfaswndw

  • MD5

    22e8620c225d7564c53f6ca7db746287

  • SHA1

    453abc30984f9539caae210cbe7faef14125b720

  • SHA256

    e372346f5b509d48a96674d94bc7e3437b679d3fe1bb2216956e260a91bbc1d9

  • SHA512

    fb4ef7c0051012c5ebb096515af7c95a706fcef0f43e43a01c177e40c4c689fe31c774a3bc9c4fda2812d1b76f05db520b7389f2a25fc3804b14dc0215b5ebde

  • SSDEEP

    3072:aXjFr3/xSMxJap+e5INlDkin+lykIM28c3BGAROj4g7PoTlHk2U5fpoQRHa4U9Gd:aprJSMC8Kr6aOyPWlHXIvHa5GOa

Malware Config

Extracted

Family

strrat

C2

badmiles.ddns.net:5055

Attributes
  • license_id

    4OI0-V4TA-Z8G4-WQF1-B9VH

  • plugins_url

    http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5

  • scheduled_task

    true

  • secondary_startup

    true

  • startup

    true
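
The extracted configuration above gives a defender three concrete things to hunt for: the sample's hashes, the C2 host badmiles.ddns.net on port 5055, and the plugin-download URL on jbfrost.live. The report's signatures also note that the sample adds a Run key and drops a startup file. The following Python is an added example and is not part of the sandbox report or of STRRAT itself: the IOC values are copied from this page, while the proxy log, the registry export text and their layouts are constructed for illustration. The java/javaw `-jar` Run-key check is a heuristic inferred from the sample being a .jar that persists via a Run key, not a documented STRRAT string.

```python
"""Hunting helpers built from the STRRAT indicators in this report.

Added example. IOC values are copied from the report; all log and registry
text below is constructed for illustration and its layout is hypothetical.
"""
import hashlib
import re
from urllib.parse import parse_qs, urlsplit

# Indicators from the report's General and Malware Config sections.
SAMPLE_HASHES = {
    "md5": "22e8620c225d7564c53f6ca7db746287",
    "sha1": "453abc30984f9539caae210cbe7faef14125b720",
    "sha256": "e372346f5b509d48a96674d94bc7e3437b679d3fe1bb2216956e260a91bbc1d9",
}
C2_HOST, C2_PORT = "badmiles.ddns.net", 5055
PLUGINS_URL = "http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5"


def parse_plugins_url(url=PLUGINS_URL):
    """Split the plugin-download URL into host, path and its query parameters."""
    parts = urlsplit(url)
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    return {"host": parts.hostname, "path": parts.path, "params": params}


def network_iocs():
    """Hosts to alert on: the C2 and the host serving STRRAT plugins."""
    return {C2_HOST, parse_plugins_url()["host"]}


def hashes_match(data):
    """Compare a file's digests with the report's; any True means the same sample."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return {alg: digests[alg] == SAMPLE_HASHES[alg] for alg in SAMPLE_HASHES}


def _host_port(target):
    """Pull host and port out of a URL or a bare host[:port] token."""
    if "://" in target:
        u = urlsplit(target)
        return u.hostname, u.port
    host, _, port = target.rpartition(":")
    return (host or target), (int(port) if port.isdigit() else None)


# Constructed proxy log, "timestamp client method target" per line (hypothetical format).
SAMPLE_PROXY_LOG = """\
2024-11-24T10:01:02Z 10.0.0.15 CONNECT badmiles.ddns.net:5055
2024-11-24T10:01:03Z 10.0.0.15 GET http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
2024-11-24T10:01:04Z 10.0.0.22 GET https://example.com/index.html
2024-11-24T10:02:10Z 10.0.0.15 CONNECT badmiles.ddns.net:443
"""


def match_proxy_log(log_text):
    """Return one dict per line whose destination host is a known STRRAT host.

    The hostname is the indicator; the port is only annotated, because the
    report ties 5055 to this build and other builds may use another port."""
    iocs = network_iocs()
    hits = []
    for line in log_text.splitlines():
        ts, client, _method, target = line.split(None, 3)
        host, port = _host_port(target)
        if host in iocs:
            hits.append({"ts": ts, "client": client, "host": host,
                         "port": port, "c2_port": port == C2_PORT})
    return hits


# Constructed `reg query ...\CurrentVersion\Run` output (hypothetical values).
SAMPLE_RUN_KEYS = """\
    OneDrive    REG_SZ    "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe" /background
    BestellungEB0072813    REG_SZ    "C:\\Program Files\\Java\\jre1.8.0_301\\bin\\javaw.exe" -jar "C:\\Users\\user\\BestellungEB0072813.jar"
"""
# Heuristic, not a documented STRRAT string: a Run value that launches a .jar
# through java/javaw is how a JAR-based RAT survives a reboot.
JAVA_JAR_RUN_RE = re.compile(r'javaw?\.exe.*?-jar\s+"?([^"]+\.jar)', re.I)


def java_run_entries(reg_text):
    """(value name, jar path) for Run-key values that start a .jar via java."""
    found = []
    for line in reg_text.splitlines():
        m = JAVA_JAR_RUN_RE.search(line)
        if m:
            found.append((line.split()[0], m.group(1)))
    return found


if __name__ == "__main__":
    print(parse_plugins_url())
    for hit in match_proxy_log(SAMPLE_PROXY_LOG):
        print("network hit:", hit)
    print("persistence:", java_run_entries(SAMPLE_RUN_KEYS))
```

Match on the hostnames rather than the full C2 socket: the DDNS name is what the operator keeps stable, and the 443 connection in the constructed log shows why a port-only rule would miss traffic to the same host. The hash check is for confirming that a quarantined attachment is this exact build; a recompiled or re-obfuscated JAR will not match and needs the behavioural checks instead.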

Targets

    • Target

      BestellungEB0072813.jar

    • STRRAT

      STRRAT is a Java-based remote access tool that can steal credentials and log keystrokes.

    • Strrat family

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks