Malware Analysis Report

2024-11-13 18:33

Sample ID 231012-1ngvdsca9x
Target b03ff6dddff5ea21a129890deab5a9cdbin_JC.zip
SHA256 5e0de5fe9f089b2a786a9c88781c98edccd09ee4a25ddbf5290ef4baff2a049c
Tags
strrat
score
10/10

Analysis Overview

score
10/10

SHA256

5e0de5fe9f089b2a786a9c88781c98edccd09ee4a25ddbf5290ef4baff2a049c

Threat Level: Known bad

The file b03ff6dddff5ea21a129890deab5a9cdbin_JC.zip was found to be: Known bad.

Malicious Activity Summary

strrat

Strrat family

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-10-12 21:47

Signatures

Strrat family

strrat

Analysis: behavioral1

Detonation Overview

Submitted

2023-10-12 21:47

Reported

2023-10-17 14:30

Platform

win7-20230831-en

Max time kernel

150s

Max time network

155s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\4e01f52192ab0212716a2ac06c4e2eb539b93c3fc08fa429aacc7e683d74b061.jar

Signatures

N/A

Processes

C:\Windows\system32\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\4e01f52192ab0212716a2ac06c4e2eb539b93c3fc08fa429aacc7e683d74b061.jar

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 repo1.maven.org udp
US 199.232.192.209:443 repo1.maven.org tcp
US 140.82.112.4:443 github.com tcp
US 199.232.192.209:443 repo1.maven.org tcp
US 199.232.192.209:443 repo1.maven.org tcp
US 140.82.112.4:443 github.com tcp
US 140.82.112.4:443 github.com tcp
US 140.82.112.4:443 github.com tcp
US 140.82.112.4:443 github.com tcp
US 8.8.8.8:53 repo1.maven.org udp
US 199.232.192.209:443 repo1.maven.org tcp
US 199.232.192.209:443 repo1.maven.org tcp
US 199.232.192.209:443 repo1.maven.org tcp
US 140.82.112.4:443 github.com tcp
US 140.82.112.4:443 github.com tcp
US 140.82.112.4:443 github.com tcp
US 140.82.112.4:443 github.com tcp
US 140.82.112.4:443 github.com tcp
US 140.82.112.4:443 github.com tcp
US 140.82.112.4:443 github.com tcp
US 140.82.112.4:443 github.com tcp
US 140.82.112.4:443 github.com tcp
US 140.82.112.4:443 github.com tcp
US 140.82.112.4:443 github.com tcp
US 140.82.112.4:443 github.com tcp
US 140.82.112.4:443 github.com tcp
US 8.8.8.8:53 github.com udp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 github.com tcp
US 140.82.112.3:443 tcp
US 140.82.112.3:443 tcp
US 140.82.112.3:443 tcp
US 140.82.112.3:443 tcp

Files

memory/2932-9-0x0000000002050000-0x0000000005050000-memory.dmp

memory/2932-10-0x0000000000430000-0x0000000000431000-memory.dmp

memory/2932-14-0x0000000000430000-0x0000000000431000-memory.dmp

memory/2932-38-0x0000000000430000-0x0000000000431000-memory.dmp

memory/2932-43-0x0000000000430000-0x0000000000431000-memory.dmp

memory/2932-49-0x0000000000430000-0x0000000000431000-memory.dmp

memory/2932-62-0x0000000000430000-0x0000000000431000-memory.dmp

memory/2932-64-0x0000000000430000-0x0000000000431000-memory.dmp

memory/2932-65-0x0000000000430000-0x0000000000431000-memory.dmp

memory/2932-95-0x0000000002050000-0x0000000005050000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-10-12 21:47

Reported

2023-10-17 14:30

Platform

win10v2004-20230915-en

Max time kernel

145s

Max time network

154s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\4e01f52192ab0212716a2ac06c4e2eb539b93c3fc08fa429aacc7e683d74b061.jar

Signatures

N/A

Processes

C:\ProgramData\Oracle\Java\javapath\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\4e01f52192ab0212716a2ac06c4e2eb539b93c3fc08fa429aacc7e683d74b061.jar

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 240.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 108.211.229.192.in-addr.arpa udp
US 8.8.8.8:53 repo1.maven.org udp
US 8.8.8.8:53 github.com udp
US 199.232.192.209:443 repo1.maven.org tcp
US 199.232.192.209:443 repo1.maven.org tcp
US 199.232.192.209:443 repo1.maven.org tcp
US 140.82.113.4:443 github.com tcp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 209.192.232.199.in-addr.arpa udp
US 8.8.8.8:53 4.113.82.140.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 77.239.69.13.in-addr.arpa udp

Files

memory/3412-4-0x00000000030C0000-0x00000000040C0000-memory.dmp

memory/3412-11-0x0000000001580000-0x0000000001581000-memory.dmp

memory/3412-16-0x00000000030C0000-0x00000000040C0000-memory.dmp

memory/3412-22-0x0000000001580000-0x0000000001581000-memory.dmp

memory/3412-27-0x00000000030C0000-0x00000000040C0000-memory.dmp

memory/3412-31-0x0000000001580000-0x0000000001581000-memory.dmp

memory/3412-34-0x00000000030C0000-0x00000000040C0000-memory.dmp

memory/3412-44-0x00000000030C0000-0x00000000040C0000-memory.dmp

memory/3412-46-0x0000000001580000-0x0000000001581000-memory.dmp

memory/3412-54-0x00000000030C0000-0x00000000040C0000-memory.dmp

memory/3412-56-0x0000000001580000-0x0000000001581000-memory.dmp

memory/3412-62-0x0000000001580000-0x0000000001581000-memory.dmp

memory/3412-72-0x00000000030C0000-0x00000000040C0000-memory.dmp

memory/3412-84-0x0000000001580000-0x0000000001581000-memory.dmp

memory/3412-91-0x00000000030C0000-0x00000000040C0000-memory.dmp

memory/3412-98-0x0000000001580000-0x0000000001581000-memory.dmp