strrat | fe02be2dc318367898f962aa9c3415ff96d95526aa6f6efd72764a732f3b745c | Triage

Resubmissions

10-02-2025 06:12

250210-gyapaasnam 10

10-02-2025 02:31

250210-czrxqsyncp 10

Sharing

General

Target

TT Payment.jar
Size

267KB
Sample

250210-czrxqsyncp
MD5

b4bc577b9b011c29d04f7e3797f5b4c0
SHA1

dd5f810d906cd61a8ec78c28841a121fbaa88d6f
SHA256

fe02be2dc318367898f962aa9c3415ff96d95526aa6f6efd72764a732f3b745c
SHA512

12eba3aacb580eaf11dc9a9aec39ad5e926d053fc8e6fb6871153e22bfb2627628a64f3e931855ff772e63bb152862b7c59292345489085068e8e5c3263ecfa4
SSDEEP

3072:fIMXATbZOaBKsPUVx4lboHQMg5CBklnIVSPxk/ISc6iTpoP6vBum4ggH9AoGa+:gAATbZiDPPqlISPW/IlFg6ZuZ+a+

Score

10^/10

strrat discovery

Malware Config

Extracted

Family

strrat

C2

195.211.190.213:1663

Attributes

license_id
WYAA-QBJT-QQ16-FF21-N4O2
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  TT Payment.jar
- Size
  
  267KB
- MD5
  
  b4bc577b9b011c29d04f7e3797f5b4c0
- SHA1
  
  dd5f810d906cd61a8ec78c28841a121fbaa88d6f
- SHA256
  
  fe02be2dc318367898f962aa9c3415ff96d95526aa6f6efd72764a732f3b745c
- SHA512
  
  12eba3aacb580eaf11dc9a9aec39ad5e926d053fc8e6fb6871153e22bfb2627628a64f3e931855ff772e63bb152862b7c59292345489085068e8e5c3263ecfa4
- SSDEEP
  
  3072:fIMXATbZOaBKsPUVx4lboHQMg5CBklnIVSPxk/ISc6iTpoP6vBum4ggH9AoGa+:gAATbZiDPPqlISPW/IlFg6ZuZ+a+
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2