strrat | 28c5f3f967c94fa02ddbcabae45ee8d4908744503176d540463e84d8dfc76385 | Triage

Sharing

General

Target

0098203000.jar
Size

126KB
Sample

240205-r2e4aacber
MD5

b11d5575a0e2ce232e779eb0d287c190
SHA1

834c8af930b52f32afc9ba87c53236b19f7675da
SHA256

28c5f3f967c94fa02ddbcabae45ee8d4908744503176d540463e84d8dfc76385
SHA512

2f8a55f3bc9ce16bc8639d8efc614b596d8a250006b14f86aabb24a27a52fcebfccb597c701d8a6e2d2633b7204bfc1e3bc2e4c9e2ac37aab045d85346af306c
SSDEEP

3072:NZwhKvKvdjDNlUCLAJylvpyEFPlKEf5SmDv:sFfNlHL2KvpHFPlKC7

Score

10^/10

strrat discovery

Malware Config

Extracted

Family

strrat

C2

chevronciti.dns05.com:7888

chevronciti.dns05.com:7881

Attributes

license_id
khonsari
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  0098203000.jar
- Size
  
  126KB
- MD5
  
  b11d5575a0e2ce232e779eb0d287c190
- SHA1
  
  834c8af930b52f32afc9ba87c53236b19f7675da
- SHA256
  
  28c5f3f967c94fa02ddbcabae45ee8d4908744503176d540463e84d8dfc76385
- SHA512
  
  2f8a55f3bc9ce16bc8639d8efc614b596d8a250006b14f86aabb24a27a52fcebfccb597c701d8a6e2d2633b7204bfc1e3bc2e4c9e2ac37aab045d85346af306c
- SSDEEP
  
  3072:NZwhKvKvdjDNlUCLAJylvpyEFPlKEf5SmDv:sFfNlHL2KvpHFPlKC7
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2