strrat | 00172976ee3057dd6555734af28759add7daea55047eb6f627e5491701c3ec83 | Triage

Sharing

General

Target

00172976ee3057dd6555734af28759add7daea55047eb6f627e5491701c3ec83
Size

219KB
Sample

240129-vps16agcbn
MD5

7ac6ab0b4cd03b1cb7da928b324cb933
SHA1

71b0d8b34ceed49dc0a4f3a42dba42391475f302
SHA256

00172976ee3057dd6555734af28759add7daea55047eb6f627e5491701c3ec83
SHA512

b1c81159713d95312c0cfd46c67dd348714a45ec454f3e7752cce309eb2b089e6692400e40eb55cb080c671e7ab5f8ad20127b2b839966ab8f657a8d12effe94
SSDEEP

3072:SNTGUI+R4oVOQa7khVBUfC4OCnHvT1Yga8ZQH/MHVJy7knuuCceanPRMILYmfVIV:SgUJ4oi7PfNnPZYZMPy9AP2IEmfCHMtc

Score

10^/10

strrat discovery

Malware Config

Extracted

Family

strrat

C2

https://pastebin.com/raw/dFKy3ZDm:13570

https://pastebin.com/raw/dLzt4tRB:13569

Attributes

license_id
W9MZ-7P83-CP8C-A4XM-IP0L
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  00172976ee3057dd6555734af28759add7daea55047eb6f627e5491701c3ec83
- Size
  
  219KB
- MD5
  
  7ac6ab0b4cd03b1cb7da928b324cb933
- SHA1
  
  71b0d8b34ceed49dc0a4f3a42dba42391475f302
- SHA256
  
  00172976ee3057dd6555734af28759add7daea55047eb6f627e5491701c3ec83
- SHA512
  
  b1c81159713d95312c0cfd46c67dd348714a45ec454f3e7752cce309eb2b089e6692400e40eb55cb080c671e7ab5f8ad20127b2b839966ab8f657a8d12effe94
- SSDEEP
  
  3072:SNTGUI+R4oVOQa7khVBUfC4OCnHvT1Yga8ZQH/MHVJy7knuuCceanPRMILYmfVIV:SgUJ4oi7PfNnPZYZMPy9AP2IEmfCHMtc
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2