strrat | 6d588dde32764fd765cdc52f15eabb65262001a803befd327bfe62bb9010bc91 | Triage

Sharing

General

Target

23dbd5703268a7db67368a072c9ad7f3
Size

106KB
Sample

231231-ch85paead7
MD5

23dbd5703268a7db67368a072c9ad7f3
SHA1

e7ceb921ba16cac8dca122fb299c7bc9c9a8a318
SHA256

6d588dde32764fd765cdc52f15eabb65262001a803befd327bfe62bb9010bc91
SHA512

dd2cc644c6e0ff9715ea8355ca6e53dd0ecb7fabdc248c5abd798affec4b08d3c06d6cdd5ae5b79b749698995034c306f28dd482550a73ed68b5a474e8a72569
SSDEEP

1536:Ifku/dVPqW+tDYpcSLOIRNTjm5SSikTXdEM0VvSX5sdDKVTiPuRWN6pqE:IzHfiMpcjajm5xikhEJcCY17MEpz

Score

10^/10

strrat discovery

Malware Config

Extracted

Family

strrat

C2

agadinwanyi.dubya.net:1788

agadinwanyi.dubya.net:1781

Attributes

license_id
M5NG-QCTM-00LM-3XXT-3I3E
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  23dbd5703268a7db67368a072c9ad7f3
- Size
  
  106KB
- MD5
  
  23dbd5703268a7db67368a072c9ad7f3
- SHA1
  
  e7ceb921ba16cac8dca122fb299c7bc9c9a8a318
- SHA256
  
  6d588dde32764fd765cdc52f15eabb65262001a803befd327bfe62bb9010bc91
- SHA512
  
  dd2cc644c6e0ff9715ea8355ca6e53dd0ecb7fabdc248c5abd798affec4b08d3c06d6cdd5ae5b79b749698995034c306f28dd482550a73ed68b5a474e8a72569
- SSDEEP
  
  1536:Ifku/dVPqW+tDYpcSLOIRNTjm5SSikTXdEM0VvSX5sdDKVTiPuRWN6pqE:IzHfiMpcjajm5xikhEJcCY17MEpz
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2