General

  • Target

    ORDER-241221K6890PF57682456POC7893789097393.j.jar

  • Size

    265KB

  • Sample

    241221-ft9r5stpgj

  • MD5

    1e43ef561dd2d60f5bb99e2f9d3ac2de

  • SHA1

    8d7b9a1274e04cea68a8b8ba1e232c76218283da

  • SHA256

    6e46ab852d0afb49aa1f51a82b4a0fe1d7b34b7384d0722816b677068674ebe9

  • SHA512

    67c7c0242a37a50dde1c30a8515e62dbb22f6826397c40bf1f918123cb9c27bb216c3c504b99fe203970341de5bcdea44993775e8ce841eb88804591e9087d39

  • SSDEEP

    6144:qgSTWHKxEy97vE7kJ/1YAJfCPtACGiCIyRdgNi:hW79LwAuAJfCOrr8i

Malware Config

Extracted

Family

strrat

C2

chongmei33.publicvm.com:44662

chongmei33.myddns.rocks:44662

Attributes
  • license_id

    khonsari

  • plugins_url

    http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5

  • scheduled_task

    true

  • secondary_startup

    true

  • startup

    true
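The hashes in the General section and the C2 hosts, port and plugins_url above are the indicators a responder would sweep for. The script below is an added example, not part of the sandbox report: it copies those indicators from this page and matches them against files and against DNS, connection and proxy logs. The log line formats and every sample log line are constructed for illustration (10.0.0.x clients, a 203.0.113.x destination from the TEST-NET range), and matching the plugins_url on host and path only, ignoring the hwid/lid/ht values, is an assumption that other victims report to the same path with different parameter values.

```python
"""Offline IOC sweep for the STRRAT sample on this page (added example).

Indicators are copied from the report above. Log formats and sample log
lines are constructed; they are not from the sandbox run.
"""
import hashlib
import re

# --- Indicators copied from the report -------------------------------------
FILE_HASHES = {
    "md5": "1e43ef561dd2d60f5bb99e2f9d3ac2de",
    "sha1": "8d7b9a1274e04cea68a8b8ba1e232c76218283da",
    "sha256": "6e46ab852d0afb49aa1f51a82b4a0fe1d7b34b7384d0722816b677068674ebe9",
}
C2_HOSTS = {"chongmei33.publicvm.com", "chongmei33.myddns.rocks"}
C2_PORT = 44662
# plugins_url: match host and path only; the hwid/lid/ht values in the
# report (hwid=1&lid=m&ht=5) are assumed to vary per victim.
PLUGINS_URL_RE = re.compile(r"^https?://jbfrost\.live/strigoi/server/", re.I)


def digests_of_bytes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of an in-memory blob, keyed like FILE_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in FILE_HASHES}


def digests_of_file(path) -> dict:
    """Same as digests_of_bytes, but streamed so large files are not loaded whole."""
    hashes = {name: hashlib.new(name) for name in FILE_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashes.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashes.items()}


def match_digests(digests: dict) -> list:
    """Names of the algorithms whose digest equals the report's value."""
    return sorted(name for name, value in digests.items()
                  if FILE_HASHES.get(name) == value.lower())


def scan_dns_log(lines) -> list:
    """(ts, client, qname) for queries to a C2 host.
    Constructed format: '<ts> <client-ip> <qtype> <qname>'; case and a
    trailing dot on the qname are normalised before comparison."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue
        qname = parts[3].rstrip(".").lower()
        if qname in C2_HOSTS:
            hits.append((parts[0], parts[1], qname))
    return hits


def scan_conn_log(lines) -> list:
    """(ts, src, dst) for connections to the C2 port. The report gives
    hostnames, not IPs, so a port-only hit is a lead to pivot on (resolve the
    dst against DNS history), not a confirmation.
    Constructed format: '<ts> <src-ip> <dst-ip> <dst-port>'."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4 or not parts[3].isdigit():
            continue
        if int(parts[3]) == C2_PORT:
            hits.append((parts[0], parts[1], parts[2]))
    return hits


def scan_proxy_log(lines) -> list:
    """(ts, client, url) for requests to the plugins_url host and path.
    Constructed format: '<ts> <client-ip> <method> <url>'."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) >= 4 and PLUGINS_URL_RE.search(parts[-1]):
            hits.append((parts[0], parts[1], parts[-1]))
    return hits


# --- Constructed sample logs ----------------------------------------------
SAMPLE_DNS_LOG = [
    "2024-12-21T09:58:03Z 10.0.0.15 A chongmei33.publicvm.com",
    "2024-12-21T09:58:04Z 10.0.0.15 A www.example.com",
    "2024-12-21T09:59:11Z 10.0.0.22 A CHONGMEI33.MYDDNS.ROCKS.",
]
SAMPLE_CONN_LOG = [
    "2024-12-21T09:58:05Z 10.0.0.15 203.0.113.7 44662",
    "2024-12-21T09:58:06Z 10.0.0.15 203.0.113.8 443",
]
SAMPLE_PROXY_LOG = [
    "2024-12-21T09:58:07Z 10.0.0.15 GET http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5",
    "2024-12-21T09:58:09Z 10.0.0.15 GET https://www.example.com/index.html",
]

if __name__ == "__main__":
    print("file hash match on this script:", match_digests(digests_of_file(__file__)))
    print("dns hits:  ", scan_dns_log(SAMPLE_DNS_LOG))
    print("conn hits: ", scan_conn_log(SAMPLE_CONN_LOG))
    print("proxy hits:", scan_proxy_log(SAMPLE_PROXY_LOG))
```

The two dynamic-DNS hostnames are the strongest indicators here: the operator can re-point them at any IP, so sweep DNS history for the names rather than for resolved addresses. The SSDEEP value from the report is deliberately not used; fuzzy-hash comparison needs the ssdeep library and a threshold, and exact digests are enough to confirm this specific file.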

Targets

    • Target

      ORDER-241221K6890PF57682456POC7893789097393.j.jar

    • Size

      265KB

    • MD5

      1e43ef561dd2d60f5bb99e2f9d3ac2de

    • SHA1

      8d7b9a1274e04cea68a8b8ba1e232c76218283da

    • SHA256

      6e46ab852d0afb49aa1f51a82b4a0fe1d7b34b7384d0722816b677068674ebe9

    • SHA512

      67c7c0242a37a50dde1c30a8515e62dbb22f6826397c40bf1f918123cb9c27bb216c3c504b99fe203970341de5bcdea44993775e8ce841eb88804591e9087d39

    • SSDEEP

      6144:qgSTWHKxEy97vE7kJ/1YAJfCPtACGiCIyRdgNi:hW79LwAuAJfCOrr8i

    • STRRAT

      STRRAT is a Java-based remote access tool that can steal credentials and log keystrokes.

    • Strrat family

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks