strrat | bd344fb2a4ce6f8c1eb8861b25ebab046fc675c9b43011d72e387adfe5d2451a | Triage

Submit
Reports

Overview

overview

Static

static

1

PO.No.660240685.js

windows7-x64

3

PO.No.660240685.js

windows10-2004-x64

Sharing

General

Target

PO.No.660240685.gz
Size

217KB
Sample

230515-vmr13sge77
MD5

4f1ed6db55721fb1a065c53b4ef5fb68
SHA1

5baf7fbcc6817301e0cdaa2aece410fe79bb38d6
SHA256

bd344fb2a4ce6f8c1eb8861b25ebab046fc675c9b43011d72e387adfe5d2451a
SHA512

24cb05dd73bee54782136d68e9c08c816a1ba3a8961303da0f8eb39cde250e7dfd7803b6b89f6e37c2bc87ac2f7b45da24ca63f762e862bf86aca8ee277dd006
SSDEEP

6144:vIxpCkQdi8M6+2lz1iCoc4X9urwByK68TODhIpBtz:AxDQzM2iCoCrQW8iDh2tz

Score

10^/10

strrat persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

PO.No.660240685.js

Resource

win7-20230220-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

PO.No.660240685.js

Resource

win10v2004-20230220-en

strrat persistence stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  PO.No.660240685.js
- Size
  
  350KB
- MD5
  
  a22348f93f4df059f8b025fcb9ba08d2
- SHA1
  
  15d30f7a301fa65e728bbb7ef373a315e5eca673
- SHA256
  
  667b366df07423e6159ab793376345a1b494d16729650e9912ed2cc734bf74c1
- SHA512
  
  c8cae78807834f48e05f48fc18b543960f424d73bd2c5a1a8e6fbc0aee61ee7dc7e6163314be8f0d3c0fb8b72cf7e3ae36053f5579bdabd465f4bb0d3258bd5b
- SSDEEP
  
  6144:Nho1w2DIGuwNwmCWJKj1xa6t+jY6xufvNTd+sIW4QNJcGUwWVVjd2jyo2Xet4jzN:E68IRmC1xa6t+ThQNJ8VZd9ClxG
Score

10^/10

strrat persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

strratpersistencestealertrojan

© 2018-2025

Terms | Privacy