strrat | 89fccb259fa583055e8ebb83c1dda513ecd679920772a4e3007d40e386bb356d | Triage

Sharing

General

Target

PO348578.jar
Size

87KB
Sample

201128-xwdac4rr76
MD5

f08321c792956de8227306444e50158a
SHA1

06b8fb6c223b35c09f30ff1ecc519deb723a7e60
SHA256

89fccb259fa583055e8ebb83c1dda513ecd679920772a4e3007d40e386bb356d
SHA512

1789ca5a68bf5822bcb41c6779300b8f7b19c039a2f081e960d360ddf2f775e35c650956419604b233c0614025f46d11b4d712484cda032a65e6d8d282a1859f

Score

10^/10

strrat persistence stealer trojan

Malware Config

Targets

- Target
  
  PO348578.jar
- Size
  
  87KB
- MD5
  
  f08321c792956de8227306444e50158a
- SHA1
  
  06b8fb6c223b35c09f30ff1ecc519deb723a7e60
- SHA256
  
  89fccb259fa583055e8ebb83c1dda513ecd679920772a4e3007d40e386bb356d
- SHA512
  
  1789ca5a68bf5822bcb41c6779300b8f7b19c039a2f081e960d360ddf2f775e35c650956419604b233c0614025f46d11b4d712484cda032a65e6d8d282a1859f
Score

10^/10

strrat persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

strratpersistencestealertrojan

behavioral2

strratpersistencestealertrojan