strrat | 920d80efcbeee1a05139ffbea05ca56e59e71809d11afbe47d1e2e9aa95a0e5b | Triage

Sharing

General

Target

79d2b79bad5f52b3bd2e82327f871c92
Size

106KB
Sample

240127-kzs4ssafgk
MD5

79d2b79bad5f52b3bd2e82327f871c92
SHA1

b0f67fa71525e2f843e73e84661ee638b0463f30
SHA256

920d80efcbeee1a05139ffbea05ca56e59e71809d11afbe47d1e2e9aa95a0e5b
SHA512

5b335834449a94a6565bc5f26e50d248b3cf59ad7e31465e5522ebaf80d39ed9816e1f86c47e85a608ae16968b6f3636c1b521a822afef24f53826b17c3fcd75
SSDEEP

1536:yT5QD5oMXaPkkqyGhbeIZtVg2XEMV8UjiQB0YLt2tE6Ys0XVdZnG1HV0+gCtQ:yKaqyG0NY7BGYkos+VdFaa+gCtQ

Score

10^/10

strrat discovery

Malware Config

Extracted

Family

strrat

C2

103.133.105.29:2664

127.0.0.1:2664

Attributes

license_id
FDFL-86AF-249Z-UP6D-RTBW
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  79d2b79bad5f52b3bd2e82327f871c92
- Size
  
  106KB
- MD5
  
  79d2b79bad5f52b3bd2e82327f871c92
- SHA1
  
  b0f67fa71525e2f843e73e84661ee638b0463f30
- SHA256
  
  920d80efcbeee1a05139ffbea05ca56e59e71809d11afbe47d1e2e9aa95a0e5b
- SHA512
  
  5b335834449a94a6565bc5f26e50d248b3cf59ad7e31465e5522ebaf80d39ed9816e1f86c47e85a608ae16968b6f3636c1b521a822afef24f53826b17c3fcd75
- SSDEEP
  
  1536:yT5QD5oMXaPkkqyGhbeIZtVg2XEMV8UjiQB0YLt2tE6Ys0XVdZnG1HV0+gCtQ:yKaqyG0NY7BGYkos+VdFaa+gCtQ
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2