strrat | 8909c047f3391d9045b1f75bda07062a846670ab78942a8b6185ab5f514ab00a | Triage

Sharing

General

Target

Incoming_Wire_payment_returned120 ___vaw.jar
Size

106KB
Sample

211029-gd7taahdhj
MD5

34e26bc587a78272f5bb46b85e05b2dc
SHA1

e799c6bad1776842645aad78f79d42941c231eda
SHA256

8909c047f3391d9045b1f75bda07062a846670ab78942a8b6185ab5f514ab00a
SHA512

9bee84c5c0f17bf48cbedd6d4cf2a0f349a83598f8a87aa10f3f70ee63ef00fc037e28a3c678c0e16db6d7c4c6a7eaa5d785064e14e9ea4e8778fa920cf008b2

Score

10^/10

strrat persistence stealer suricata trojan

Malware Config

Targets

- Target
  
  Incoming_Wire_payment_returned120 ___vaw.jar
- Size
  
  106KB
- MD5
  
  34e26bc587a78272f5bb46b85e05b2dc
- SHA1
  
  e799c6bad1776842645aad78f79d42941c231eda
- SHA256
  
  8909c047f3391d9045b1f75bda07062a846670ab78942a8b6185ab5f514ab00a
- SHA512
  
  9bee84c5c0f17bf48cbedd6d4cf2a0f349a83598f8a87aa10f3f70ee63ef00fc037e28a3c678c0e16db6d7c4c6a7eaa5d785064e14e9ea4e8778fa920cf008b2
Score

10^/10

strrat persistence stealer suricata trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- suricata: ET MALWARE STRRAT CnC Checkin
  suricata: ET MALWARE STRRAT CnC Checkin
  suricata
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

strratpersistencestealersuricatatrojan

behavioral2