strrat | ba68c2acc5b4ce72444fd74f4dab6661bad90e865b0992d5ff9bb4afe32f3557 | Triage

Sharing

General

Target

OCOLZ552720.js
Size

195KB
Sample

210113-has8hwr7fa
MD5

86f5e65bcc64e04ba7946d8071f213b1
SHA1

403129cb5514917a278e91e0643f852964912c03
SHA256

ba68c2acc5b4ce72444fd74f4dab6661bad90e865b0992d5ff9bb4afe32f3557
SHA512

8580b921516571a57edcf22de46be1b938167a19278fa1f2eb3de6994198a9d6e3d305f18dfe1ed8e293c2ab0ffb2464a5788756c3be3fd02cb352b5af3d691d

Score

10^/10

strrat persistence stealer trojan

Malware Config

Targets

- Target
  
  OCOLZ552720.js
- Size
  
  195KB
- MD5
  
  86f5e65bcc64e04ba7946d8071f213b1
- SHA1
  
  403129cb5514917a278e91e0643f852964912c03
- SHA256
  
  ba68c2acc5b4ce72444fd74f4dab6661bad90e865b0992d5ff9bb4afe32f3557
- SHA512
  
  8580b921516571a57edcf22de46be1b938167a19278fa1f2eb3de6994198a9d6e3d305f18dfe1ed8e293c2ab0ffb2464a5788756c3be3fd02cb352b5af3d691d
Score

10^/10

strrat persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

strratpersistencestealertrojan