General

  • Target

    22e8620c225d7564c53f6ca7db746287.bin

  • Size

    194KB

  • Sample

    241126-bdm6zssnan

  • MD5

    8382d1fe11644b5fd74fb4786d8bafd1

  • SHA1

    05f946d869e7cb5681d396dbc49dbcc2a5afd0ad

  • SHA256

    1530720fb912d1441db7ea15a88f3936560ed4c305220752ed738327fa0ca812

  • SHA512

    8ab13edbdd7effd017220d4e54dc767879cf17445b85c6abe0cfa25f65e07246d7d6a5bf325f42b05062fdd80960d3f82a077dce7e96315970457cc84f6cd5f7

  • SSDEEP

    3072:J0B9vAjt4S80S8cLHccfJnYu8gYgDiBQzdsqE1JVyzngSHyTOxBX2mZG:Jo2jyP0HcbcomIdvlnairGmZG

Malware Config

Extracted

Family

strrat

C2

badmiles.ddns.net:5055

Attributes
  • license_id

    4OI0-V4TA-Z8G4-WQF1-B9VH

  • plugins_url

    http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5

  • scheduled_task

    true

  • secondary_startup

    true

  • startup

    true
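The extracted config above is the part of this report an analyst actually reuses: the C2 host and port, the plugin-download URL, and the persistence flags. The following is an added example, not part of the sandbox report, that parses that config block exactly as it is printed here into a normalized IOC record and then runs those IOCs over a few constructed DNS/connection/HTTP log lines. The log lines and the field layout (`key=value` pairs) are assumptions for illustration; only the config values are taken from the report. Note the deliberate weakness: the report gives no C2 IP, so a bare connection to tcp/5055 is flagged only as weak evidence, while a lookup of `badmiles.ddns.net` or a fetch from `jbfrost.live/strigoi/server/` is treated as a real hit.

```python
"""Turn the STRRAT config printed in the report into IOCs and match log lines.
Added example; not code from the sandbox or from the STRRAT author."""
import re
from urllib.parse import urlsplit, parse_qs

# Config block copied verbatim from the report's "Malware Config" section.
EXTRACTED_CONFIG = """\
Family

strrat

C2

badmiles.ddns.net:5055

Attributes
  • license_id

    4OI0-V4TA-Z8G4-WQF1-B9VH

  • plugins_url

    http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5

  • scheduled_task

    true

  • secondary_startup

    true

  • startup

    true
"""


def parse_config(text):
    """Parse the report's 'key / blank line / value' layout into a dict.
    Keys are bare words or '• key' bullets; the next non-blank line is the value."""
    cfg = {}
    key = None
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()
        if not line or line == "Attributes":  # section label, not a key
            continue
        if key is None:
            key = line
        else:
            cfg[key] = line
            key = None
    return cfg


def iocs_from_config(cfg):
    """Derive network IOCs and the persistence switches from the parsed config."""
    c2_host, c2_port = cfg["C2"].rsplit(":", 1)
    u = urlsplit(cfg["plugins_url"])
    return {
        "c2_host": c2_host,
        "c2_port": int(c2_port),
        "plugins_host": u.hostname,
        "plugins_path": u.path,
        "plugins_params": {k: v[0] for k, v in parse_qs(u.query).items()},
        "dynamic_dns": c2_host.endswith(".ddns.net"),  # free DDNS host, as here
        "persistence": [k for k in ("startup", "secondary_startup", "scheduled_task")
                        if cfg.get(k) == "true"],
    }


# Constructed log lines (assumed key=value format; not from the report).
SAMPLE_LOGS = [
    "2024-11-26T10:01:02Z dns src=10.0.0.12 query=badmiles.ddns.net type=A",
    "2024-11-26T10:01:03Z conn src=10.0.0.12 dst=203.0.113.7 dport=5055 proto=tcp",
    "2024-11-26T10:01:05Z http src=10.0.0.12 host=jbfrost.live uri=/strigoi/server/?hwid=1&lid=m&ht=5",
    "2024-11-26T10:02:00Z dns src=10.0.0.30 query=example.com type=A",
    "2024-11-26T10:02:10Z conn src=10.0.0.30 dst=198.51.100.4 dport=443 proto=tcp",
]

_KV = re.compile(r"(\w+)=(\S+)")


def match_logs(lines, iocs):
    """Return (line, reason) for every log line that touches an IOC.
    Host-name matches are strong; a port-only match is labelled weak because
    the report does not give the C2 IP address."""
    hits = []
    for line in lines:
        f = dict(_KV.findall(line))
        if f.get("query") in (iocs["c2_host"], iocs["plugins_host"]):
            hits.append((line, "dns lookup of STRRAT host " + f["query"]))
        elif (f.get("host") == iocs["plugins_host"]
              and f.get("uri", "").startswith(iocs["plugins_path"])):
            hits.append((line, "plugin fetch from " + f["host"]))
        elif f.get("dport") == str(iocs["c2_port"]):
            hits.append((line, "weak: tcp/%d matches C2 port" % iocs["c2_port"]))
    return hits


if __name__ == "__main__":
    iocs = iocs_from_config(parse_config(EXTRACTED_CONFIG))
    for line, reason in match_logs(SAMPLE_LOGS, iocs):
        print(reason, "<-", line)
```

The parser is tied to the layout of this report, so adapt `parse_config` if the export differs; `iocs_from_config` and `match_logs` only need the `C2` and `plugins_url` values and work unchanged on another STRRAT config with the same keys.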

Targets

    • Target

      e372346f5b509d48a96674d94bc7e3437b679d3fe1bb2216956e260a91bbc1d9.jar

    • Size

      264KB

    • MD5

      22e8620c225d7564c53f6ca7db746287

    • SHA1

      453abc30984f9539caae210cbe7faef14125b720

    • SHA256

      e372346f5b509d48a96674d94bc7e3437b679d3fe1bb2216956e260a91bbc1d9

    • SHA512

      fb4ef7c0051012c5ebb096515af7c95a706fcef0f43e43a01c177e40c4c689fe31c774a3bc9c4fda2812d1b76f05db520b7389f2a25fc3804b14dc0215b5ebde

    • SSDEEP

      3072:aXjFr3/xSMxJap+e5INlDkin+lykIM28c3BGAROj4g7PoTlHk2U5fpoQRHa4U9Gd:aprJSMC8Kr6aOyPWlHXIvHa5GOa

    • STRRAT

      STRRAT is a Java-based remote access trojan that can steal credentials and log keystrokes.

    • Strrat family

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks