strrat | 691751fc29a7f618adc3b95a1d924afb35dd8fa0d27b4d4b3798463b5d0eb63e | Triage

Sharing

General

Target

365a35ad336f3c8b258101a7c2b7cfdb
Size

101KB
Sample

231231-psv22abgg3
MD5

365a35ad336f3c8b258101a7c2b7cfdb
SHA1

592061fb0a5c2511cf3eac5e933ff8b3f9fc66d2
SHA256

691751fc29a7f618adc3b95a1d924afb35dd8fa0d27b4d4b3798463b5d0eb63e
SHA512

4d9551fa50b3b640e9496b4725ac774220d9c6ee0e9fd162c881563e05a842cdfeccce3e0cfafee1b6e3aa2ff4ab118ba5c2efc99de2ff5a20e7b3fdb91024a8
SSDEEP

3072:kHk50jBl4osHl3AZQxuZK6VBEX4CrsAxgk4K:aNjhWZaU6VuICYAxgk4K

Score

10^/10

strrat discovery

Malware Config

Extracted

Family

strrat

C2

23.29.115.152:4110

127.0.0.1:4110

Attributes

license_id
YRU9-C3GF-80N7-2AKW-97ID
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  365a35ad336f3c8b258101a7c2b7cfdb
- Size
  
  101KB
- MD5
  
  365a35ad336f3c8b258101a7c2b7cfdb
- SHA1
  
  592061fb0a5c2511cf3eac5e933ff8b3f9fc66d2
- SHA256
  
  691751fc29a7f618adc3b95a1d924afb35dd8fa0d27b4d4b3798463b5d0eb63e
- SHA512
  
  4d9551fa50b3b640e9496b4725ac774220d9c6ee0e9fd162c881563e05a842cdfeccce3e0cfafee1b6e3aa2ff4ab118ba5c2efc99de2ff5a20e7b3fdb91024a8
- SSDEEP
  
  3072:kHk50jBl4osHl3AZQxuZK6VBEX4CrsAxgk4K:aNjhWZaU6VuICYAxgk4K
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2