General
-
Target
JaffaCakes118_a3fb4ae95c327cd14ea35fba98038d89
-
Size
184KB
-
Sample
250108-rh8aqavqgm
-
MD5
a3fb4ae95c327cd14ea35fba98038d89
-
SHA1
6c993c1f0fb3386e2a9cfa1eebee55cd5c367648
-
SHA256
4407d7019ad4c3f66a63c234b473f23c1a5153cfee8151ced528111a5924894d
-
SHA512
0e0f304478156c197b3e7fc451bb6a2b014a404e69d2af6accbe04d0775b3be83112fc065b4d2d34356dc709c9776f16469469ec5ba1af3533a1019a68cfcc64
-
SSDEEP
3072:tGBfbhJvECwxGXmHkRpZTsUSuMica+h04eilvJ44fd65yJsHbDSLK+hTbY/Tek87:t61JspxGXFvZT3404nlR44fQcGHbDSL5
Behavioral task
behavioral1
Sample
JaffaCakes118_a3fb4ae95c327cd14ea35fba98038d89.jar
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_a3fb4ae95c327cd14ea35fba98038d89.jar
Resource
win10v2004-20241007-en
Malware Config
Extracted
strrat
31.210.20.164:4292
127.0.0.1:4292
-
license_id
61DP-MVTK-7F5S-QIGT-AV1H
-
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
-
scheduled_task
true
-
secondary_startup
true
-
startup
true
Targets
-
-
Target
JaffaCakes118_a3fb4ae95c327cd14ea35fba98038d89
-
Score
10/10
-
Strrat family
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
Registry Run Keys / Startup Folder
Scheduled Task/Job
Scheduled Task