strrat | 41fc9828d61ebd2a0cb90b8ce07bc0dd5f67b194ff70163525034683e2e58b04 | Triage

Sharing

General

Target

Purchase_Order.jar
Size

70KB
Sample

230425-g4w5gaaf61
MD5

5e0450e34e3883e5ffbb964509d09b8b
SHA1

4bb703d44836892d2ec8a5bd1a38eb9badd2797e
SHA256

41fc9828d61ebd2a0cb90b8ce07bc0dd5f67b194ff70163525034683e2e58b04
SHA512

794d6d1f5ec154e479262df00df01d9a3f0575dc34cf17fe8070dfdc6fb446014a643f4bc574fa1c2d04e6e86b391879aaf8643f362d3666a073836282496fa1
SSDEEP

1536:EnYncm2ccI5Fmd9tz/kC72EsM0OjzSDPNXOjaVYO/M2bN:MQWM/md9tzdz0OaDPNXXVFUKN

Score

10^/10

strrat persistence stealer trojan

Malware Config

Targets

- Target
  
  Purchase_Order.jar
- Size
  
  70KB
- MD5
  
  5e0450e34e3883e5ffbb964509d09b8b
- SHA1
  
  4bb703d44836892d2ec8a5bd1a38eb9badd2797e
- SHA256
  
  41fc9828d61ebd2a0cb90b8ce07bc0dd5f67b194ff70163525034683e2e58b04
- SHA512
  
  794d6d1f5ec154e479262df00df01d9a3f0575dc34cf17fe8070dfdc6fb446014a643f4bc574fa1c2d04e6e86b391879aaf8643f362d3666a073836282496fa1
- SSDEEP
  
  1536:EnYncm2ccI5Fmd9tz/kC72EsM0OjzSDPNXOjaVYO/M2bN:MQWM/md9tzdz0OaDPNXXVFUKN
Score

10^/10

strrat persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Drops startup file
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

strratpersistencestealertrojan

behavioral2

strratpersistencestealertrojan