General

  • Target

    PO24002292.jar

  • Size

    265KB

  • Sample

    241203-p8m2cswngv

  • MD5

    e8ddb75a282aee7eb4eecf0c74e36d85

  • SHA1

    e0d5be98174944955b5021319fc4d75272384e18

  • SHA256

    a469607d0cf5285e85bd4faff17cb1f393ea6d8f6002a99536c189b669681763

  • SHA512

    0e8846ed48d38ca442780fadf68766af3f32ab2304028371e8cc66af808dd2cb3f49921a4d9e69d01f89574307f18c0185c111f3f24e9411a76bec82c9c6a6af

  • SSDEEP

    3072:a4yl5XE8QSJVqqOsBUJKI0sJ+JeRMfGPx0XFYf0ADJApUTWj3HKzRfJce+XvTD/:aVDZmqOaI0sJqGMfnFYf0ADJA+TWOzO3

Malware Config

Extracted

Family

strrat

C2

badmiles.ddns.net:5055

Attributes
  • license_id

    4OI0-V4TA-Z8G4-WQF1-B9VH

  • plugins_url

    http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5

  • scheduled_task

    true

  • secondary_startup

    true

  • startup

    true
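The extracted config gives two network indicators worth hunting for immediately: the C2 host and port, and the plugin-download URL. The Python below, added here as an example and not part of the sandbox report, runs those indicators over outbound-connection log lines. The log lines are constructed, and their space-separated field layout (timestamp, source IP, destination host, destination port, URL or "-") is an assumption; the plugin URL's hwid/lid/ht parameters vary per victim, so the match is on host and path only.

```python
"""Match the STRRAT indicators extracted above against outbound-connection logs.

Added example, not part of the sandbox report. The log lines below are
constructed, and the space-separated field layout (timestamp, source IP,
destination host, destination port, URL or "-") is an assumption.
"""
from urllib.parse import urlsplit, parse_qs

# Indicators taken from the extracted config on this page.
C2_HOST, C2_PORT = "badmiles.ddns.net", 5055
PLUGINS_URL = "http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5"


def url_parts(url):
    """Split a URL into host, path and single-valued query parameters."""
    u = urlsplit(url)
    return u.hostname, u.path, {k: v[0] for k, v in parse_qs(u.query).items()}


PLUGINS_HOST, PLUGINS_PATH, _ = url_parts(PLUGINS_URL)

# Constructed sample log: two infected hosts plus benign noise.
SAMPLE_LOG = """\
2024-12-03T10:01:02Z 10.0.0.5 update.microsoft.com 443 -
2024-12-03T10:01:09Z 10.0.0.7 badmiles.ddns.net 5055 -
2024-12-03T10:01:11Z 10.0.0.7 jbfrost.live 80 http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
2024-12-03T10:02:30Z 10.0.0.9 badmiles.ddns.net 443 -
2024-12-03T10:03:00Z 10.0.0.7 jbfrost.live 80 http://jbfrost.live/strigoi/server/?hwid=7&lid=x&ht=5
"""


def hunt(log_text):
    """Return one hit per log line that touches a STRRAT indicator."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, host, port, url = line.split(maxsplit=4)
        port = int(port)
        if host == C2_HOST:
            # The DDNS name is the indicator; the port from the config
            # raises confidence, but operators can move it.
            hits.append({"ts": ts, "src": src, "indicator": "c2",
                         "severity": "high" if port == C2_PORT else "medium"})
        if url != "-":
            u_host, u_path, params = url_parts(url)
            # hwid/lid/ht vary per victim, so match on host and path only
            # and keep the parameters as context for the analyst.
            if u_host == PLUGINS_HOST and u_path == PLUGINS_PATH:
                hits.append({"ts": ts, "src": src, "indicator": "plugins_url",
                             "severity": "high", "params": params})
    return hits


def infected_hosts(log_text):
    """Distinct source IPs with at least one hit, in first-seen order."""
    seen = []
    for h in hunt(log_text):
        if h["src"] not in seen:
            seen.append(h["src"])
    return seen


if __name__ == "__main__":
    for h in hunt(SAMPLE_LOG):
        print(h)
    print("hosts to isolate:", infected_hosts(SAMPLE_LOG))
```

Matching the DDNS hostname on any port is deliberate: the hostname is the stable indicator, while the port in a STRRAT config is operator-chosen and can change between builds.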

Targets

    • Target

      PO24002292.jar

    • Size

      265KB

    • MD5

      e8ddb75a282aee7eb4eecf0c74e36d85

    • SHA1

      e0d5be98174944955b5021319fc4d75272384e18

    • SHA256

      a469607d0cf5285e85bd4faff17cb1f393ea6d8f6002a99536c189b669681763

    • SHA512

      0e8846ed48d38ca442780fadf68766af3f32ab2304028371e8cc66af808dd2cb3f49921a4d9e69d01f89574307f18c0185c111f3f24e9411a76bec82c9c6a6af

    • SSDEEP

      3072:a4yl5XE8QSJVqqOsBUJKI0sJ+JeRMfGPx0XFYf0ADJApUTWj3HKzRfJce+XvTD/:aVDZmqOaI0sJqGMfnFYf0ADJA+TWOzO3

    • STRRAT

      STRRAT is a Java-based remote access tool that can steal credentials and log keystrokes.

    • Strrat family

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application
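The behaviours above (Run key, dropped startup file, and the scheduled_task/startup flags in the config) are what to check for on a suspected host. The Python below is an added example, not part of the sandbox report: it parses a constructed `reg export` of the per-user Run key and a constructed Startup-folder listing, and flags entries that launch a Java archive. The Run value name "PO24002292" and the file paths are assumptions chosen to mirror the sample name; the report does not state them.

```python
"""Triage the persistence behaviours listed above on a suspected host.

Added example, not from the sandbox report. The registry export and the
Startup-folder listing are constructed; the Run value name "PO24002292"
and the paths are assumptions made to mirror the sample name.
"""
import re

# Constructed "reg export" text of the per-user Run key.
REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"PO24002292"="\"C:\\Program Files\\Java\\jre1.8.0_301\\bin\\javaw.exe\" -jar \"C:\\Users\\user\\AppData\\Roaming\\PO24002292.jar\""
"Updater"="C:\\Windows\\System32\\wscript.exe C:\\Users\\user\\AppData\\Roaming\\ok.vbs"
'''

# Constructed listing of %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup.
STARTUP_LISTING = ["desktop.ini", "PO24002292.jar", "Send to OneNote.lnk"]

# A .reg string value line: "Name"="Value", with \\ and \" escapes inside.
_REG_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def _unescape(s):
    """Undo the backslash escaping used for strings in .reg exports."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_values(reg_text):
    """Yield (key, name, value) for each string value in a .reg export."""
    key = None
    for line in reg_text.splitlines():
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = _REG_VALUE.match(line)
        if m and key:
            yield key, _unescape(m.group(1)), _unescape(m.group(2))


# java/javaw invoked with -jar, or any direct reference to a .jar file.
JAVA_LAUNCH = re.compile(r"\bjavaw?(?:\.exe)?\b.*\s-jar\b", re.I)
JAR_REF = re.compile(r"\.jar\b", re.I)
# Locations a standard user can write to; legitimate Java apps rarely
# persist from here.
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\|\\ProgramData\\|\\Temp\\", re.I)


def suspicious_run_values(reg_text):
    """Run values that launch a .jar, as (value name, reason) pairs."""
    findings = []
    for key, name, value in parse_reg_values(reg_text):
        if not key.lower().endswith(r"\currentversion\run"):
            continue
        if JAVA_LAUNCH.search(value) or JAR_REF.search(value):
            reason = "java -jar launch"
            if USER_WRITABLE.search(value):
                reason += " from user-writable path"
            findings.append((name, reason))
    return findings


def suspicious_startup_files(names):
    """Startup-folder entries that are themselves Java archives."""
    return [n for n in names if n.lower().endswith(".jar")]


if __name__ == "__main__":
    print(suspicious_run_values(REG_EXPORT))
    print(suspicious_startup_files(STARTUP_LISTING))
```

On a live host, feed `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run run.reg` output and a directory listing of the Startup folder into these functions; the config's scheduled_task flag means the Task Scheduler library should be reviewed for a task with a similar Java command line as well.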

MITRE ATT&CK Enterprise v15

Tasks