General

  • Target

    05022025_1312_091291932.zip

  • Size

    122KB

  • Sample

    250205-qfmqkayral

  • MD5

    d29700b5beae17356cf6c7f6d8ed39cf

  • SHA1

    73ac6d4064082ae5d25b75c20ee555dbacc6a383

  • SHA256

    a3bccc2abdcddb30063ea9b359a9fe22e9924de223a55b996705305555c9c243

  • SHA512

    65e77c831c88aa47d266308b595ae09b1b524693e9280f484b1ab2afeda12ee77c6f691346a7c1bb8ac8d9f302f3ccd52d1a411f87533a8e1745a88cda2d60e7

  • SSDEEP

    3072:ynjtmKTdQLwBqejPD9Li2nkO5+bh4S6hT4tRNuTE9+jBUUv:yjw5eLDfkhh4VN4Yvjz

Malware Config

Extracted

Family

strrat

C2

chevronciti.dns05.com:7888

chevronciti.dns05.com:7881

Attributes

  • license_id

    khonsari

  • plugins_url

    http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5

  • scheduled_task

    true

  • secondary_startup

    true

  • startup

    true

Targets

    • Target

      091291932.jar

    • Size

      129KB

    • MD5

      cfe647211a65b5140028dc1bf20dfa84

    • SHA1

      dbdf45b544bbf75678ab4049267ad8a8930b634c

    • SHA256

      07392a03676ebaf54187f47b8eff0208ec5e24444dcd982c8c8ec5da829b8ad7

    • SHA512

      9dca9bb6dcaf1c10008fe46d5bdf7d0d921c2dceb738b514fa5ccbbf2a8f7cb3268a0304e969e63d1e059ae191e6e68021054a62b59a57719e58f6489e60f972

    • SSDEEP

      3072:f/2fvhcIBmn4A9UKqNDXIrbswLKxeBg0bYXrSSIHubW/L4J:XIvhzBmnj/q6rbsmYeBv8qiZ

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Strrat family

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks