strrat | 433af927acfbda8332ff1acba40e8a658fbdfe09bfafda8d010a43a3bba534eb | Triage

Sharing

General

Target

3a635340d63f75e27e2c195dd9f0506d
Size

101KB
Sample

231231-tadggshgcp
MD5

3a635340d63f75e27e2c195dd9f0506d
SHA1

c85533e94cfafaa1fe7e0cc42032170b6df6ab0b
SHA256

433af927acfbda8332ff1acba40e8a658fbdfe09bfafda8d010a43a3bba534eb
SHA512

c9b646c3574deb745096632c0ce76b5ccf092ff625e1deba38f1ef2e89ec7969f5439872cd4f845b09190965689bab0e149526cc6eebcc59151555c9f0fe0823
SSDEEP

1536:aCDBRTixq1EbW+rwd+bH1tZ24NJ3bqoaGV5trERIgSDPgAUmJ5us50X94MplyGRb:pHSb9Ud+xtZdW6V5VNUm50XSCl3/Wg

Score

10^/10

strrat discovery

Malware Config

Extracted

Family

strrat

C2

103.156.90.52:4292

127.0.0.1:4292

Attributes

license_id
61DP-MVTK-7F5S-QIGT-AV1H
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  3a635340d63f75e27e2c195dd9f0506d
- Size
  
  101KB
- MD5
  
  3a635340d63f75e27e2c195dd9f0506d
- SHA1
  
  c85533e94cfafaa1fe7e0cc42032170b6df6ab0b
- SHA256
  
  433af927acfbda8332ff1acba40e8a658fbdfe09bfafda8d010a43a3bba534eb
- SHA512
  
  c9b646c3574deb745096632c0ce76b5ccf092ff625e1deba38f1ef2e89ec7969f5439872cd4f845b09190965689bab0e149526cc6eebcc59151555c9f0fe0823
- SSDEEP
  
  1536:aCDBRTixq1EbW+rwd+bH1tZ24NJ3bqoaGV5trERIgSDPgAUmJ5us50X94MplyGRb:pHSb9Ud+xtZdW6V5VNUm50XSCl3/Wg
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2