strrat | c210c36fcfbab3776cbcb918a14a6e633454680e9d7bb4d88b6a3d46082711c7 | Triage

Submit
Reports

Overview

overview

Static

static

1

PT.No0021.jar

windows7-x64

PT.No0021.jar

windows10-2004-x64

Sharing

General

Target

PT.No0021.jar
Size

225KB
Sample

230215-gmfq6aad89
MD5

1e0babc6ad2de5834e1972ab0de99249
SHA1

16dda1dd98fb9202efff2f2367f6b9c0740e59ec
SHA256

c210c36fcfbab3776cbcb918a14a6e633454680e9d7bb4d88b6a3d46082711c7
SHA512

98855427cd5e275c88004b5dce8614ea283ad32d11e6c6ed03680939c884c34b608505be964cf66d0bf00c00c424b66e07c4eef185ae00cbc450cbbdc9323ebd
SSDEEP

6144:uMojbC0sFaSqVC0T9Hk18DemQ+EioNY+moVo:Uj+0mas0JxemPEiYVVo

Score

10^/10

strrat vjw0rm persistence stealer trojan worm

Static task

static1

Behavioral task

behavioral1

Sample

PT.No0021.jar

Resource

win7-20220812-en

strrat vjw0rm persistence stealer trojan worm

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

PT.No0021.jar

Resource

win10v2004-20221111-en

vjw0rm trojan worm

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  PT.No0021.jar
- Size
  
  225KB
- MD5
  
  1e0babc6ad2de5834e1972ab0de99249
- SHA1
  
  16dda1dd98fb9202efff2f2367f6b9c0740e59ec
- SHA256
  
  c210c36fcfbab3776cbcb918a14a6e633454680e9d7bb4d88b6a3d46082711c7
- SHA512
  
  98855427cd5e275c88004b5dce8614ea283ad32d11e6c6ed03680939c884c34b608505be964cf66d0bf00c00c424b66e07c4eef185ae00cbc450cbbdc9323ebd
- SSDEEP
  
  6144:uMojbC0sFaSqVC0T9Hk18DemQ+EioNY+moVo:Uj+0mas0JxemPEiYVVo
Score

10^/10

strrat vjw0rm persistence stealer trojan worm
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

strratvjw0rmpersistencestealertrojanworm

behavioral2

vjw0rmtrojanworm

© 2018-2024

Terms | Privacy