General
Target: 6e46ab852d0afb49aa1f51a82b4a0fe1d7b34b7384d0722816b677068674ebe9.jar
Size: 265KB
Sample: 241222-cqlpcszkdm
MD5: 1e43ef561dd2d60f5bb99e2f9d3ac2de
SHA1: 8d7b9a1274e04cea68a8b8ba1e232c76218283da
SHA256: 6e46ab852d0afb49aa1f51a82b4a0fe1d7b34b7384d0722816b677068674ebe9
SHA512: 67c7c0242a37a50dde1c30a8515e62dbb22f6826397c40bf1f918123cb9c27bb216c3c504b99fe203970341de5bcdea44993775e8ce841eb88804591e9087d39
SSDEEP: 6144:qgSTWHKxEy97vE7kJ/1YAJfCPtACGiCIyRdgNi:hW79LwAuAJfCOrr8i
Behavioral task: behavioral1
Sample: 6e46ab852d0afb49aa1f51a82b4a0fe1d7b34b7384d0722816b677068674ebe9.jar
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: 6e46ab852d0afb49aa1f51a82b4a0fe1d7b34b7384d0722816b677068674ebe9.jar
Resource: win10v2004-20241007-en
Malware Config
Extracted: strrat
chongmei33.publicvm.com:44662
chongmei33.myddns.rocks:44662
license_id: khonsari
plugins_url: http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task: true
secondary_startup: true
startup: true
Targets
Target: 6e46ab852d0afb49aa1f51a82b4a0fe1d7b34b7384d0722816b677068674ebe9.jar
Score: 10/10
- Strrat family
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)
  - Scheduled Task (1)