Malware Analysis Report

2024-11-13 18:33

Sample ID 231012-26ptdsgc88
Target b03ff6dddff5ea21a129890deab5a9cd.bin
SHA256 5e0de5fe9f089b2a786a9c88781c98edccd09ee4a25ddbf5290ef4baff2a049c
Tags strrat
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score

10/10

SHA256

5e0de5fe9f089b2a786a9c88781c98edccd09ee4a25ddbf5290ef4baff2a049c

Threat Level: Known bad

The file b03ff6dddff5ea21a129890deab5a9cd.bin was found to be: Known bad.

Malicious Activity Summary

strrat

Strrat family

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-10-12 23:11

Signatures

Strrat family

strrat

Analysis: behavioral1

Detonation Overview

Submitted

2023-10-12 23:11

Reported

2023-10-17 15:23

Platform

win7-20230831-en

Max time kernel

150s

Max time network

158s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\4e01f52192ab0212716a2ac06c4e2eb539b93c3fc08fa429aacc7e683d74b061.jar

Signatures

N/A

Processes

C:\Windows\system32\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\4e01f52192ab0212716a2ac06c4e2eb539b93c3fc08fa429aacc7e683d74b061.jar

Network

Country  Destination           Domain           Proto
US       8.8.8.8:53            github.com       udp
US       8.8.8.8:53            repo1.maven.org  udp
US       140.82.114.4:443      github.com       tcp
US       199.232.192.209:443   repo1.maven.org  tcp
US       199.232.192.209:443   repo1.maven.org  tcp
US       199.232.192.209:443   repo1.maven.org  tcp
US       140.82.114.4:443      github.com       tcp
US       140.82.114.4:443      github.com       tcp
US       140.82.114.4:443      github.com       tcp

Files

memory/2224-2-0x00000000021A0000-0x00000000051A0000-memory.dmp

memory/2224-3-0x00000000021A0000-0x00000000051A0000-memory.dmp

memory/2224-11-0x0000000000130000-0x0000000000131000-memory.dmp

memory/2224-15-0x0000000000130000-0x0000000000131000-memory.dmp

memory/2224-16-0x0000000000130000-0x0000000000131000-memory.dmp

memory/2224-38-0x0000000000130000-0x0000000000131000-memory.dmp

memory/2224-45-0x0000000000130000-0x0000000000131000-memory.dmp

memory/2224-51-0x0000000000130000-0x0000000000131000-memory.dmp

memory/2224-58-0x0000000000130000-0x0000000000131000-memory.dmp

memory/2224-66-0x0000000000130000-0x0000000000131000-memory.dmp

memory/2224-76-0x0000000000130000-0x0000000000131000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-10-12 23:11

Reported

2023-10-17 15:23

Platform

win10v2004-20230915-en

Max time kernel

58s

Max time network

61s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\4e01f52192ab0212716a2ac06c4e2eb539b93c3fc08fa429aacc7e683d74b061.jar

Signatures

N/A

Processes

C:\ProgramData\Oracle\Java\javapath\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\4e01f52192ab0212716a2ac06c4e2eb539b93c3fc08fa429aacc7e683d74b061.jar

Network

Country  Destination   Domain                         Proto
US       8.8.8.8:53    183.59.114.20.in-addr.arpa     udp
US       8.8.8.8:53    158.240.127.40.in-addr.arpa    udp
US       8.8.8.8:53    15.164.165.52.in-addr.arpa     udp
US       8.8.8.8:53    254.211.247.8.in-addr.arpa     udp

Files

memory/4712-4-0x00000000028A0000-0x00000000038A0000-memory.dmp

memory/4712-11-0x0000000002500000-0x0000000002501000-memory.dmp
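Turning the Network and Files listings of both behavioral runs into structured indicators, as an added example written for this page (it is not part of the sandbox report or of any tooling the report came from). The table rows and dump paths are copied from the report text above as constructed strings. Two details the raw listing does not make obvious: an in-addr.arpa name lists the IPv4 octets least-significant first, so the behavioral2 PTR queries are really asking about 20.114.59.183, 40.127.240.158, 52.165.164.15 and 8.247.211.254; and the dump filenames follow memory/<pid>-<seq>-<start>-<end>-memory.dmp (a pattern assumed from the paths above), so end minus start gives the size of each dumped region.

```python
"""Parse a sandbox report's Network table and memory-dump paths into indicators.
Added example for this page; the input below is copied from the report text."""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass

# Constructed from the report's two Network tables (behavioral1 rows first, then behavioral2).
NETWORK_TEXT = """\
Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 repo1.maven.org udp
US 140.82.114.4:443 github.com tcp
US 199.232.192.209:443 repo1.maven.org tcp
US 199.232.192.209:443 repo1.maven.org tcp
US 199.232.192.209:443 repo1.maven.org tcp
US 140.82.114.4:443 github.com tcp
US 140.82.114.4:443 github.com tcp
US 140.82.114.4:443 github.com tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 254.211.247.8.in-addr.arpa udp
"""

# A few of the report's Files entries; assumed layout: memory/<pid>-<seq>-<start>-<end>-memory.dmp
DUMP_PATHS = [
    "memory/2224-2-0x00000000021A0000-0x00000000051A0000-memory.dmp",
    "memory/2224-11-0x0000000000130000-0x0000000000131000-memory.dmp",
    "memory/4712-4-0x00000000028A0000-0x00000000038A0000-memory.dmp",
    "memory/4712-11-0x0000000002500000-0x0000000002501000-memory.dmp",
]


@dataclass(frozen=True)
class Connection:
    country: str
    ip: str
    port: int
    domain: str
    proto: str


def parse_network(text):
    """Split the whitespace-separated table into Connection records, checking the header."""
    lines = text.strip().splitlines()
    if lines[0].split() != ["Country", "Destination", "Domain", "Proto"]:
        raise ValueError(f"unexpected header: {lines[0]!r}")
    rows = []
    for line in lines[1:]:
        country, dest, domain, proto = line.split()
        ip, port = dest.rsplit(":", 1)
        rows.append(Connection(country, ip, int(port), domain, proto.lower()))
    return rows


PTR_RE = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.in-addr\.arpa$")


def ptr_to_ip(name):
    """Decode a reverse-DNS name into the IPv4 it asks about; None if it is not a valid PTR name."""
    m = PTR_RE.match(name)
    if not m:
        return None
    try:
        return str(ipaddress.ip_address(".".join(reversed(m.groups()))))
    except ValueError:  # an octet above 255 is not an address
        return None


def network_summary(rows):
    """Separate resolver traffic from outbound endpoints and decode PTR targets."""
    dns = [r for r in rows if r.port == 53 and r.proto == "udp"]
    outbound = Counter((r.ip, r.port, r.domain) for r in rows if r not in dns)
    return {
        "resolvers": sorted({r.ip for r in dns}),
        "forward_lookups": sorted({r.domain for r in dns if ptr_to_ip(r.domain) is None}),
        "ptr_targets": sorted({ptr_to_ip(r.domain) for r in dns if ptr_to_ip(r.domain)}),
        "outbound": dict(outbound),  # (ip, port, domain) -> connection count
    }


DUMP_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")


@dataclass(frozen=True)
class DumpRegion:
    pid: int
    seq: int
    start: int
    end: int

    @property
    def size(self):
        return self.end - self.start


def parse_dump_path(path):
    """Read pid, sequence number and address range out of a dump filename."""
    m = DUMP_RE.match(path)
    if not m:
        raise ValueError(f"not a memory dump path: {path}")
    pid, seq, start, end = m.groups()
    region = DumpRegion(int(pid), int(seq), int(start, 16), int(end, 16))
    if region.size <= 0:
        raise ValueError(f"empty or inverted range: {path}")
    return region


def largest_region_per_pid(paths):
    """Largest dumped region for each process, a quick way to spot the big heap dump."""
    best = {}
    for region in map(parse_dump_path, paths):
        if region.pid not in best or region.size > best[region.pid].size:
            best[region.pid] = region
    return best


if __name__ == "__main__":
    print(network_summary(parse_network(NETWORK_TEXT)))
    for pid, r in largest_region_per_pid(DUMP_PATHS).items():
        print(f"pid {pid}: {r.size // 0x100000} MiB at {r.start:#x}")
```

The outbound endpoints (github.com on 140.82.114.4:443 and repo1.maven.org on 199.232.192.209:443, seen only in the Windows 7 run) are the rows worth carrying forward as indicators; the 8.8.8.8 rows are DNS queries to the resolver the sandbox uses, not sample infrastructure, and the Windows 10 run produced nothing beyond PTR lookups, which is consistent with its much shorter 58s kernel time.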