strrat | 765e1dc57406ff54f461069d976f3641b9a36d0c6cac127644a8f720ef372de0 | Triage

Sharing

General

Target

Maersk Advisory.jar
Size

101KB
Sample

230115-njv51aaa2w
MD5

066728d418420951e44c7f01d7a0c89c
SHA1

1883276f80f10075c2708c190e9cfa8e0941a449
SHA256

765e1dc57406ff54f461069d976f3641b9a36d0c6cac127644a8f720ef372de0
SHA512

5f212cb9021806e0f09aebfd83b8555a834bdb3b1766243ec53b18b1f01543dee7ee252f5c94dc5fc292013b10bef3768d7d71eb4c9715f5747c0304c88c5e4d
SSDEEP

1536:kuK2KPGtGQBQY6AlwkjTGkMtQyyU8mE/AMG2ayYB2/Rm3qDHwlkZ2NtOX/l:hK2RBQYgkTGkXyjzy+E0kHcx+X/l

Score

10^/10

strrat persistence stealer trojan

Malware Config

Targets

- Target
  
  Maersk Advisory.jar
- Size
  
  101KB
- MD5
  
  066728d418420951e44c7f01d7a0c89c
- SHA1
  
  1883276f80f10075c2708c190e9cfa8e0941a449
- SHA256
  
  765e1dc57406ff54f461069d976f3641b9a36d0c6cac127644a8f720ef372de0
- SHA512
  
  5f212cb9021806e0f09aebfd83b8555a834bdb3b1766243ec53b18b1f01543dee7ee252f5c94dc5fc292013b10bef3768d7d71eb4c9715f5747c0304c88c5e4d
- SSDEEP
  
  1536:kuK2KPGtGQBQY6AlwkjTGkMtQyyU8mE/AMG2ayYB2/Rm3qDHwlkZ2NtOX/l:hK2RBQYgkTGkXyjzy+E0kHcx+X/l
Score

10^/10

strrat persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

strratpersistencestealertrojan

behavioral2