strrat | bdb39f75a5b8e2cc95b68a96e5bcf4660449dfb1523a8d00dbf9444206acae02 | Triage

Sharing

General

Target

QuotationListCopy.jar.bin
Size

70KB
Sample

230505-zqst1agf61
MD5

1770e031366e2d91415fa1a1d902814a
SHA1

ef37063f282a2e6d70c9800b20dc45889c3fa90c
SHA256

bdb39f75a5b8e2cc95b68a96e5bcf4660449dfb1523a8d00dbf9444206acae02
SHA512

c9206823d5fc8bda1d9e8385a90cc0171366f7968c56d8ab6a11c2e5b53f1c0243f3b1148ed0001efcba5e313f6efa43b7af0c74e6b882c613d66ca7fad61a02
SSDEEP

1536:DSpNvzfcN5YRlN1qhlV0EwVW948MrlDzOyJgtMNNp7FFbKL6aw62ZLsY+azgR4Wi:kvzUYh+Zo5lDSSC6f7d64+34zZEskc

Score

10^/10

strrat persistence stealer trojan

Malware Config

Targets

- Target
  
  QuotationListCopy.jar.bin
- Size
  
  70KB
- MD5
  
  1770e031366e2d91415fa1a1d902814a
- SHA1
  
  ef37063f282a2e6d70c9800b20dc45889c3fa90c
- SHA256
  
  bdb39f75a5b8e2cc95b68a96e5bcf4660449dfb1523a8d00dbf9444206acae02
- SHA512
  
  c9206823d5fc8bda1d9e8385a90cc0171366f7968c56d8ab6a11c2e5b53f1c0243f3b1148ed0001efcba5e313f6efa43b7af0c74e6b882c613d66ca7fad61a02
- SSDEEP
  
  1536:DSpNvzfcN5YRlN1qhlV0EwVW948MrlDzOyJgtMNNp7FFbKL6aw62ZLsY+azgR4Wi:kvzUYh+Zo5lDSSC6f7d64+34zZEskc
Score

10^/10

strrat persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Drops startup file
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

strratpersistencestealertrojan

behavioral2

strratpersistencestealertrojan