General

  • Target

    ba35fe8207a2fcc8b983e296971b9ed855e97403864deb2e598378c24a850379.jar

  • Size

    265KB

  • Sample

    241219-eczp6swngs

  • MD5

    d480c8eef4a045e9595f8d6364891e4c

  • SHA1

    82be46d99b9514607f1f150d4df0fd15996e5f9f

  • SHA256

    ba35fe8207a2fcc8b983e296971b9ed855e97403864deb2e598378c24a850379

  • SHA512

    43d2d4c7621b9c262435a0723d207f0d500d29b6ac01e538a91e9d424964fec26593fb37760714e9e8fc3d483e722920f61d81c243b7230cb755bb1584b72891

  • SSDEEP

    6144:0QSTmxKpIc5rvE7kJVRYeJTsdFAgesC+yZdgJ4:/UF57wyqeJTs0hzc4

Malware Config

Extracted

Family

strrat

C2

chongmei33.publicvm.com:44662

jinvestments.duckdns.org:44662

Attributes
  • license_id

    khonsari

  • plugins_url

    http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5

  • scheduled_task

    true

  • secondary_startup

    true

  • startup

    true

Targets

    • Target

      ba35fe8207a2fcc8b983e296971b9ed855e97403864deb2e598378c24a850379.jar

    • Size

      265KB

    • MD5

      d480c8eef4a045e9595f8d6364891e4c

    • SHA1

      82be46d99b9514607f1f150d4df0fd15996e5f9f

    • SHA256

      ba35fe8207a2fcc8b983e296971b9ed855e97403864deb2e598378c24a850379

    • SHA512

      43d2d4c7621b9c262435a0723d207f0d500d29b6ac01e538a91e9d424964fec26593fb37760714e9e8fc3d483e722920f61d81c243b7230cb755bb1584b72891

    • SSDEEP

      6144:0QSTmxKpIc5rvE7kJVRYeJTsdFAgesC+yZdgJ4:/UF57wyqeJTs0hzc4

    • STRRAT

      STRRAT is a remote access tool than can steal credentials and log keystrokes.

    • Strrat family

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks