General
Target: ba35fe8207a2fcc8b983e296971b9ed855e97403864deb2e598378c24a850379.jar
Size: 265KB
Sample: 241219-eczp6swngs
MD5: d480c8eef4a045e9595f8d6364891e4c
SHA1: 82be46d99b9514607f1f150d4df0fd15996e5f9f
SHA256: ba35fe8207a2fcc8b983e296971b9ed855e97403864deb2e598378c24a850379
SHA512: 43d2d4c7621b9c262435a0723d207f0d500d29b6ac01e538a91e9d424964fec26593fb37760714e9e8fc3d483e722920f61d81c243b7230cb755bb1584b72891
SSDEEP: 6144:0QSTmxKpIc5rvE7kJVRYeJTsdFAgesC+yZdgJ4:/UF57wyqeJTs0hzc4
Behavioral tasks
- behavioral1: sample ba35fe8207a2fcc8b983e296971b9ed855e97403864deb2e598378c24a850379.jar, resource win7-20240903-en
- behavioral2: sample ba35fe8207a2fcc8b983e296971b9ed855e97403864deb2e598378c24a850379.jar, resource win10v2004-20241007-en
Malware Config
Extracted family: strrat
C2:
- chongmei33.publicvm.com:44662
- jinvestments.duckdns.org:44662
license_id: khonsari
plugins_url: http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task: true
secondary_startup: true
startup: true
Targets
Target: ba35fe8207a2fcc8b983e296971b9ed855e97403864deb2e598378c24a850379.jar (size and hashes as listed under General)
Score: 10/10
Signatures:
- Strrat family
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
- Scheduled Task/Job: Scheduled Task