Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
4cb1d47e690d235180af017ab57ba220d8b792160d34b4309829da8808437e11.zip
-
Size
195KB
-
Sample
250205-qh4f4azjbl
-
MD5
28815ddb109b80b8b01861e94898b554
-
SHA1
3733116bb1b9bf58312fd7f9db4abfc8edacb838
-
SHA256
66f47d27f6974e76556b5a610be367402192fbd9c63aa0e62ff7b4dfce8293c7
-
SHA512
28ad75d1940b3e372fbc87fe7f0cdcd226f6a03d24e3cbeb77af5d21546c124d15033968d96028ed3723c51d4647f490cf08b5ec2d61f88f6f11c05caaa00837
-
SSDEEP
6144:oc/w+KnU/5YsehY4Ru6tgBZX0lWBjA/DuhZ4:Lj/taY4RbgTXfALSZ4
Malware Config
Extracted
strrat
195.177.95.117:7800
-
license_id
DB1U-CVGT-7HUG-X0A0-GNWH
-
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
-
scheduled_task
true
-
secondary_startup
true
-
startup
true
Targets
-
-
Target
4cb1d47e690d235180af017ab57ba220d8b792160d34b4309829da8808437e11.jar
-
Size
265KB
-
MD5
41856a018cbd1dc677eed38ad8cf9724
-
SHA1
74d2964716fcd41dd3b11c4f489f75ff8355b7b0
-
SHA256
4cb1d47e690d235180af017ab57ba220d8b792160d34b4309829da8808437e11
-
SHA512
df93fd7e45a6e1bac72f3c0851f731e3256f4bc54e84ba2a7a8ad775b571a78f541f774fa217abbda3d3f7ac66e4e5077deb32ae7b16a09a2a68d7ed5c4adf20
-
SSDEEP
6144:xirWMsbCjzX7g6FgrlLdZXAe8Db36Nl2uS:x7R6ippyvaNQuS
Score10/10-
STRRAT
STRRAT is a remote access tool than can steal credentials and log keystrokes.
-
Strrat family
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1