strrat | 62229e0f4da3175320dff7b4783a373c6ede87d20ca8caff6b21a3674610509c | Triage

Sharing

General

Target

PAYMENT SLIP .jar
Size

184KB
Sample

211019-rezt6sfhg8
MD5

98f7c08f8008f97e210bfc4d00dbe4a1
SHA1

30f02ead4606acf7ffb8a9b3a1f2423475c3ff2e
SHA256

62229e0f4da3175320dff7b4783a373c6ede87d20ca8caff6b21a3674610509c
SHA512

3cc83e48aa36129876fef5b734efdc7aa35197b36fcc66840c4605dadab5b61159269a71e33425bb1c2f3bda2ae0f49666dca619fb399a10f7dd647c7cb94564

Score

10^/10

strrat persistence stealer trojan

Malware Config

Targets

- Target
  
  PAYMENT SLIP .jar
- Size
  
  184KB
- MD5
  
  98f7c08f8008f97e210bfc4d00dbe4a1
- SHA1
  
  30f02ead4606acf7ffb8a9b3a1f2423475c3ff2e
- SHA256
  
  62229e0f4da3175320dff7b4783a373c6ede87d20ca8caff6b21a3674610509c
- SHA512
  
  3cc83e48aa36129876fef5b734efdc7aa35197b36fcc66840c4605dadab5b61159269a71e33425bb1c2f3bda2ae0f49666dca619fb399a10f7dd647c7cb94564
Score

10^/10

strrat persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

strratpersistencestealertrojan

behavioral2