General

  • Target

    30062025_1829_Shipping Bill28060483 dated 28062025.PDF.zip

  • Size

    186KB

  • MD5

    f1bc283e4b9cb8c69ac3f4918788b78b

  • SHA1

    4783fcb2114aef4ea309604837f8060f0522546d

  • SHA256

    e2ddf82263d14205ee0daf3bb3a975ed253fc867ab438f8535a53e6de3d4454a

  • SHA512

    d693c0f79bd61b1125e1f0b242b5c4346e7415b97adbc49467fdbfd3ec03dbbe374a869d30ca2108dfda88393959c4909c381553509bb639f7584931728bbe71

  • SSDEEP

    3072:Y11oKn4om0KL/MJe5BBlU/HGV6VDlJgJ6fr6pHdrpS3FFLDqA6l51IEX+KtSN4:Y1ueI0JeHKHGoVDHhfWpHi3rLDy6EX+c

Score
10/10

Malware Config

Extracted

Family

strrat

C2

giversclub.dns04.com:1750

Attributes
  • license_id

    HB7X-0FS6-WDJ9-OLX8-OAI7

  • plugins_url

    http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5

  • scheduled_task

    true

  • secondary_startup

    true

  • startup

    true

Files

  • 30062025_1829_Shipping Bill28060483 dated 28062025.PDF.zip
    .zip

    Password: infected

  • Shipping Bill2806083 dated 28062025.PDF.jar
    .jar