strrat | a8c0236c98449cbca8097ca4923fe0b5b878944796e240f64595fc85b99092e4 | Triage

Sharing

General

Target

Downloads.rar
Size

1.2MB
Sample

230326-lqklqsaa7w
MD5

5689ea14a373cdbdd9bf990de8695082
SHA1

31f14c629263fd2358a442f28439a0a406be4762
SHA256

a8c0236c98449cbca8097ca4923fe0b5b878944796e240f64595fc85b99092e4
SHA512

c6c98f2dcaaba2ce0a7713554d9de45e326883a5d1526fe6551f82cf53f96df9cf427ef1262d3950daf43d29f43e8799ef754dda5ed74e1b052b33b7b4bcd000
SSDEEP

24576:8nBlabRtBFqzvH5mbEMXle3Nkq7LAwalGCbkXEGJV0fV/Y/:8B2TBFqP5TMXle3aYkNGCgX7yNm

Score

10^/10

strrat vjw0rm persistence stealer trojan upx worm

Malware Config

Targets

- Target
  
  2ecb8a22e5831fafcbaf0392b5b617c3.exe.vir
- Size
  
  870KB
- MD5
  
  2ecb8a22e5831fafcbaf0392b5b617c3
- SHA1
  
  ebd35d45d8ec1779f57457b7383da40c6ad8b77e
- SHA256
  
  7208422887eda7041fb87c8d836a31d41b9d74c8ee724c179a795bd83ce29ab9
- SHA512
  
  f261f99301b8c0e94a58feda80560e144cffe07073c1c5ae065f308338de04c3ac57d727bc5c70ed83b59ab670afb82f647d6d288777dff2065087e992524f73
- SSDEEP
  
  24576:zFzruKzEV3L2bTvWX5CnthV+2qRcExFn:zF/zEVbk7DnthwRc4
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  c72d738747f68d4f8d9e9368e47928bf.js.vir
- Size
  
  9.2MB
- MD5
  
  c72d738747f68d4f8d9e9368e47928bf
- SHA1
  
  00b523b2e3ab0f2bfd7d4aabf3b1c33ae390c585
- SHA256
  
  06b94b3ec86bd4a61888848f379808954de1ff2a1fe471edcfa312f5e9ba2ab5
- SHA512
  
  1a01baa0c813b928cf5dfe456f76acdcf9be0e0df8a6131e248f9aa5456c65a69cb9809efe56afc4db32cfeeb93ca42e3319f1e53689ba4ed23b77911b802c61
- SSDEEP
  
  3072:gNK8RjR/R8x/xqm2O1IrWa7Mjv/GnOv3GmPLjCKKIz9vs2J96i/OBDVOdz83Pm7+:I
Score

10^/10

strrat vjw0rm persistence stealer trojan worm
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral3 behavioral4
- Target
  
  ec5e12b3ea2318692c2d2b74c33dfbda.jar.vir
- Size
  
  164KB
- MD5
  
  ec5e12b3ea2318692c2d2b74c33dfbda
- SHA1
  
  f7f6c3d3e266c7a85ec489389d5508eaa1983055
- SHA256
  
  056579d3948044c01ffa21dd8a14f7c4109efd25e609055e24a37cb6db603ef7
- SHA512
  
  0c91246971bb23ba3801b348ca8148c048de43c4caa7912b681868e471f5a0f080f2969e8fda1b04a002a81b403bddb22b62496b8eee75814cb691391ad5851a
- SSDEEP
  
  3072:gw+lMnyYMmfcEA9E67Yu9T7rkdUOMMJ0rOM4rAxIF820xuBho5zO:gLcfHBu9TUdUOM005+FMxuX66
Score

10^/10

strrat persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

strratvjw0rmpersistencestealertrojanworm

behavioral4

vjw0rmtrojanworm

behavioral5

behavioral6

strratpersistencestealertrojan