strrat | 155945b133a7d5fe816d79c352268273f7150c695ada43ee9c5d7565f8a1e550 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

PaymentAdvice.jar
Size

68KB
Sample

230817-cs1ajaeh26
MD5

81672f4c4a4b89a9753e55e26d393678
SHA1

134e34b47bd0e38424472903f358be7a913051a6
SHA256

155945b133a7d5fe816d79c352268273f7150c695ada43ee9c5d7565f8a1e550
SHA512

6d3976df4a86e038d528c932562142817cba8ff8f00958032440673b13bc110af4e9837700a2b0ccf59f3de84aa0fe0de82e8195f1213b71fa93d9cd18f97010
SSDEEP

1536:Lih50PjWJp8V/hrU9fmJ7hiy+navgC7/+gM72ktw8:jPjW8Vq47Rx/KI8

Score

10^/10

strrat persistence stealer trojan

Malware Config

Targets

- Target
  
  PaymentAdvice.jar
- Size
  
  68KB
- MD5
  
  81672f4c4a4b89a9753e55e26d393678
- SHA1
  
  134e34b47bd0e38424472903f358be7a913051a6
- SHA256
  
  155945b133a7d5fe816d79c352268273f7150c695ada43ee9c5d7565f8a1e550
- SHA512
  
  6d3976df4a86e038d528c932562142817cba8ff8f00958032440673b13bc110af4e9837700a2b0ccf59f3de84aa0fe0de82e8195f1213b71fa93d9cd18f97010
- SSDEEP
  
  1536:Lih50PjWJp8V/hrU9fmJ7hiy+navgC7/+gM72ktw8:jPjW8Vq47Rx/KI8
Score

10^/10

strrat persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Drops startup file
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

strratpersistencestealertrojan

behavioral2