General

  • Target: 23122024_0144_ORDER-24121645908FC.jar.rar
  • Size: 198KB
  • Sample: 241223-b6bzestmay
  • MD5: 6b1bc657ac9fb18e18e9672b910a83f1
  • SHA1: e9c56086e6e9085966490649283e20fa7f87e073
  • SHA256: 00f48539744ca9aae42100955b85b4bcdc82c0dd544268bbe946f64ca73eb478
  • SHA512: 48e47e3ebdd7b19fc3fcb9477de6e680caaed40d324d7065302fd2ba48eeb32100ad4078d3450d6f87645ddf264c97e6f7d4137f212172ae7efb010b6045a60a
  • SSDEEP: 3072:JWCdpqB9dOap4GjZeBHTPJpm8i0IulJvJdPuErPpaevNZGTBhOQ9m29:JLgB9dZ4GjqHz/D/BdPtcaQ9m29

Malware Config

Extracted

Family: strrat

C2:
  • chongmei33.publicvm.com:44662
  • jinvestments.duckdns.org:44662

Attributes
  • license_id: khonsari
  • plugins_url: http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
  • scheduled_task: false
  • secondary_startup: false
  • startup: false

Targets

    • Target: ORDER-24121645908FC.jar
    • Size: 265KB
    • MD5: cbc235bf3ebe63a3e156f17201fdc9be
    • SHA1: 71f50d2d83eb8e032368dc5a3115f45d976e8249
    • SHA256: f28b4a17710d6529c4852ab10cf755f53b48431d8863a5fbffd47d440773cf2a
    • SHA512: 4dd39200b8d64a77bfaafe8f6f376934e06d18a81c3343d7d82e618f9234c137e2150d746f4827b9265b446537534d2eb72ffdab82cc76379d0915cc6b3b7e9d
    • SSDEEP: 6144:GUSTiPKJY6h/vE7kJ3NYEJbCfFAOymCYyZdg1v:x6bhXw8GEJbCybzkv

    • STRRAT
      STRRAT is a remote access tool that can steal credentials and log keystrokes.
    • Strrat family
    • Drops startup file
    • Loads dropped DLL
    • Adds Run key to start application
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target: Order.xlsx
    • Size: 7KB
    • MD5: d7da42ab256e992e632f95e99234de24
    • SHA1: 0af717df408db405c3e8f5a3760c69a74accc6c1
    • SHA256: 1db27ba068c8cb6b78d9f97e9f3263dbac5449785b3531a19725ceaa291b2395
    • SHA512: 5e0965ce30f833582f27adbd9d042528a18d7ed0be92b6b7ec60249f59f1715b02493960a766644f01807a24666224c19fcaafea3538d0a4096f4b79f20353cb
    • SSDEEP: 96:lYAgwkW0YWuQTy4wcKDtFEB7wHSn862Z3KA5TI6Uwgj0qFoXDfYxRgZ9AXH:TghuQTSBhFEBPJ2Z3KmMZMDYcoH

    Score: 3/10

MITRE ATT&CK Enterprise v15

Tasks