General

  • Target

    SB COPY6827366180.PDF.zip

  • Size

    38KB

  • Sample

    240201-em5deaaha4

  • MD5

    2703a1562a0429136e1653f57954a2e2

  • SHA1

    3626243135b9addd8076b0c211cb54fbf98cc1de

  • SHA256

    de1522a546abbff8b5cdde813b89e754ab0da6894e25bba0243a7a79e26a99d5

  • SHA512

    11321ec43f6858f9ce32daf9f79de7a87bb951f3205b9ef801af34edb8d6585565d4c9e791c7cfa59d6b4cc1d05589414885249931d59843229506fdaaf75e2a

  • SSDEEP

    768:CyaR6TKFrRIMe+3vA5xCZXr34G3GRGHQBkmHXjVpu98qYS33+AzkS06:ooYIMj34XCBEGWqMjfu9g4ks

Malware Config

Extracted

  • Family

    strrat

  • C2

    2024logs.freetcp.com:8082

Attributes

  • license_id

    RKA0-KES0-EPPK-UDRO-JNCG

  • plugins_url

    http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5

  • scheduled_task

    true

  • secondary_startup

    true

  • startup

    true

Targets

    • Target

      SB COPY6827366180.PDF.jar

    • Size

      40KB

    • MD5

      0ec695117cb3bf0f1a8cef9a77f7675a

    • SHA1

      e1152ed31dad5535bbeb5b63d61491d5fadd4787

    • SHA256

      243a5315c031347617620bb5c8b694b3308932530519abc04e00c7c4fd7f7c62

    • SHA512

      b9b27c10a0363fc38a219e8c9b795e284003e94b5851c30e30907b766bba88aa2e81701edd222461a5379a4daca0f094527f2fdca3da132aafede02d27bc8bf7

    • SSDEEP

      768:qzXFN70ZIv326vOAZT1S0dNMAkuyC9iS7hKouufPN7c:qzXj7eYNJkchvN4

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Drops startup file

    • Modifies file permissions

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

Execution

  • Scheduled Task/Job (T1053): 1

Persistence

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

  • Scheduled Task/Job (T1053): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

  • Scheduled Task/Job (T1053): 1

Defense Evasion

  • File and Directory Permissions Modification (T1222): 1

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 1
