strrat | f0c11d41addcfee21da8c2abfd557be8dedee50e51da47b9a8a314bda7ff6a56 | Triage

Sharing

General

Target

1991KLI.jar
Size

184KB
Sample

230328-rc6jyada81
MD5

6ac278a78a0e5ce73ebb9a87e07142cf
SHA1

8bf808f6368397af37ed00bcb4ae2818f21b891f
SHA256

f0c11d41addcfee21da8c2abfd557be8dedee50e51da47b9a8a314bda7ff6a56
SHA512

a5f86ead030b0107e7677430c22e5bf089812947cf96c689b8fbecb8109b6260a2103c5a4707629b9054228d77bd53b22f4bdadababd0fbf51d8ac55356620b3
SSDEEP

3072:bBuguWF0v3FlzdAYJi7MYT1SEaON9BF3cYD1JqaVeqbZAgvj3kCQ+8hwOIhZYbZP:ggJF0v3FlzdDS8ET9BF3cWRVeqdAgvo5

Score

10^/10

strrat persistence stealer trojan

Malware Config

Targets

- Target
  
  1991KLI.jar
- Size
  
  184KB
- MD5
  
  6ac278a78a0e5ce73ebb9a87e07142cf
- SHA1
  
  8bf808f6368397af37ed00bcb4ae2818f21b891f
- SHA256
  
  f0c11d41addcfee21da8c2abfd557be8dedee50e51da47b9a8a314bda7ff6a56
- SHA512
  
  a5f86ead030b0107e7677430c22e5bf089812947cf96c689b8fbecb8109b6260a2103c5a4707629b9054228d77bd53b22f4bdadababd0fbf51d8ac55356620b3
- SSDEEP
  
  3072:bBuguWF0v3FlzdAYJi7MYT1SEaON9BF3cYD1JqaVeqbZAgvj3kCQ+8hwOIhZYbZP:ggJF0v3FlzdDS8ET9BF3cWRVeqdAgvo5
Score

10^/10

strrat persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

strratpersistencestealertrojan