strrat | 36553d3db326bfc9e01e4df5ca4246eb551f79600a6f56f8450928848c34ec39 | Triage

Sharing

General

Target

ORDER # NDP243002.jar
Size

126KB
Sample

240129-red8gabdh6
MD5

b392a451dff067e48252f7c428ff898d
SHA1

859e61b54b3172932dcf041d05bcba15a8ee020d
SHA256

36553d3db326bfc9e01e4df5ca4246eb551f79600a6f56f8450928848c34ec39
SHA512

63cda12ab758afef4d6ed7e9fd3e834648556c8fd1b9224197e3c99202a971823095dc39b1660ee16a12d0c43424b0c35812c4fcdf170b78f058ad96ca0e8f3e
SSDEEP

3072:77rWrx8/1/KjK4Yr7bd4CuZbe1/9Mrlvp93A04KJS9:Xr2W1/sKTne6KrJpXS9

Score

10^/10

strrat discovery

Malware Config

Extracted

Family

strrat

C2

chevronciti.dns05.com:7888

chevronciti.dns05.com:7881

Attributes

license_id
khonsari
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  ORDER # NDP243002.jar
- Size
  
  126KB
- MD5
  
  b392a451dff067e48252f7c428ff898d
- SHA1
  
  859e61b54b3172932dcf041d05bcba15a8ee020d
- SHA256
  
  36553d3db326bfc9e01e4df5ca4246eb551f79600a6f56f8450928848c34ec39
- SHA512
  
  63cda12ab758afef4d6ed7e9fd3e834648556c8fd1b9224197e3c99202a971823095dc39b1660ee16a12d0c43424b0c35812c4fcdf170b78f058ad96ca0e8f3e
- SSDEEP
  
  3072:77rWrx8/1/KjK4Yr7bd4CuZbe1/9Mrlvp93A04KJS9:Xr2W1/sKTne6KrJpXS9
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2