General
-
Target
INV32762.jar
-
Size
198KB
-
Sample
250123-2l3jraylfp
-
MD5
0326cd8bc7583d4ef9bd89e158f504e4
-
SHA1
87a3f552568e6b5209fb8b44c2c6c0b50c8ca46f
-
SHA256
a5d4d6644f4c0fbacd3781a2d151e76bcd45de2da0dbf458cba84b8e34c9c1d0
-
SHA512
ebf29aeaa9f4ad8a613cab52278568efc70aed6c1032c1f92b53ba9a258cb80b4b5d209e588d8a169493754a34c9495a9ab3e9157983d65c0e9291c8af8c6b5c
-
SSDEEP
3072:HEythVs8HXV0aq4fKjV/36nipUuAVfgSBfQWyn2wV6Vs21dl+ZXJCU7XRQ:HEEhVs8lrKkieuiBly2GMsodgXMgXRQ
Malware Config
Extracted
strrat
www.kposlifestyle.design:1980
127.0.0.1:1980
-
license_id
0801-GRBL-SUN9-LG8M-2C9C
-
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
-
scheduled_task
true
-
secondary_startup
true
-
startup
true
Targets
-
-
Target
INV32762.jar
-
Size
198KB
-
MD5
0326cd8bc7583d4ef9bd89e158f504e4
-
SHA1
87a3f552568e6b5209fb8b44c2c6c0b50c8ca46f
-
SHA256
a5d4d6644f4c0fbacd3781a2d151e76bcd45de2da0dbf458cba84b8e34c9c1d0
-
SHA512
ebf29aeaa9f4ad8a613cab52278568efc70aed6c1032c1f92b53ba9a258cb80b4b5d209e588d8a169493754a34c9495a9ab3e9157983d65c0e9291c8af8c6b5c
-
SSDEEP
3072:HEythVs8HXV0aq4fKjV/36nipUuAVfgSBfQWyn2wV6Vs21dl+ZXJCU7XRQ:HEEhVs8lrKkieuiBly2GMsodgXMgXRQ
Score10/10-
STRRAT
STRRAT is a remote access tool than can steal credentials and log keystrokes.
-
Strrat family
-
Drops startup file
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1