strrat | 43e480eaff9c6da18d3c042231ed82f0a09a7adb3301311c159941e75a105a2c | Triage

Sharing

General

Target

02_extracted.jar
Size

83KB
Sample

201104-sw3mtjzhb2
MD5

9250c46915d7fc36a5605a3756447dec
SHA1

b33288cc02bf24008488b14e648943a214265067
SHA256

43e480eaff9c6da18d3c042231ed82f0a09a7adb3301311c159941e75a105a2c
SHA512

093e64939119d1d742428379ec05460a00c6b4d96c4e8fcb425bcd752cacfd18a394fe7d04671fd9f131beb89a41e9e0517d1238430820e5347e271a1090dc05

Score

10^/10

strrat persistence stealer trojan

Malware Config

Targets

- Target
  
  02_extracted.jar
- Size
  
  83KB
- MD5
  
  9250c46915d7fc36a5605a3756447dec
- SHA1
  
  b33288cc02bf24008488b14e648943a214265067
- SHA256
  
  43e480eaff9c6da18d3c042231ed82f0a09a7adb3301311c159941e75a105a2c
- SHA512
  
  093e64939119d1d742428379ec05460a00c6b4d96c4e8fcb425bcd752cacfd18a394fe7d04671fd9f131beb89a41e9e0517d1238430820e5347e271a1090dc05
Score

10^/10

strrat persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

strratpersistencestealertrojan

behavioral2

strratpersistencestealertrojan