strrat | 0352732011c82ddbc89c86f732bd0c3acb9a9c6caf7bdbcb99bb08b68a9db1db | Triage

Sharing

General

Target

00293828403xlspdf.jar
Size

125KB
Sample

240210-kgb3kahh2t
MD5

acdf87548c106b4271d86ad9e5afb859
SHA1

0c4108f5b00a0d72d42050757b1fb8d144b44a96
SHA256

0352732011c82ddbc89c86f732bd0c3acb9a9c6caf7bdbcb99bb08b68a9db1db
SHA512

5b6268cf0d7cbac10d015f237b3c86b8dddc9ccb82d47e3aa975feeeed09e4a5315522ae177584a63a6f8562ca3bb5df5bb328f63d24f2e661584bf8d0939477
SSDEEP

3072:ZvPwf6XB5qfvyaKJUbyp4VIVG72WpVErn+kysWOZE2Dt8:Fw8Sij6bWSIVS2WfEEstI

Score

10^/10

strrat discovery

Malware Config

Extracted

Family

strrat

C2

chevronciti.dns05.com:7888

chevronciti.dns05.com:7881

Attributes

license_id
khonsari
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  00293828403xlspdf.jar
- Size
  
  125KB
- MD5
  
  acdf87548c106b4271d86ad9e5afb859
- SHA1
  
  0c4108f5b00a0d72d42050757b1fb8d144b44a96
- SHA256
  
  0352732011c82ddbc89c86f732bd0c3acb9a9c6caf7bdbcb99bb08b68a9db1db
- SHA512
  
  5b6268cf0d7cbac10d015f237b3c86b8dddc9ccb82d47e3aa975feeeed09e4a5315522ae177584a63a6f8562ca3bb5df5bb328f63d24f2e661584bf8d0939477
- SSDEEP
  
  3072:ZvPwf6XB5qfvyaKJUbyp4VIVG72WpVErn+kysWOZE2Dt8:Fw8Sij6bWSIVS2WfEEstI
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2