strrat | 32cbcd636b3295b79872dc883f84bd3c5f378f9e2bd64a73148e8a3d5d6d58f9 | Triage

Sharing

General

Target

9f431f7105d073752fd396105dc898ef
Size

94KB
Sample

240216-dd5r5sgb48
MD5

9f431f7105d073752fd396105dc898ef
SHA1

62058bd9d3683d7a6983d36722fede080b87c3d3
SHA256

32cbcd636b3295b79872dc883f84bd3c5f378f9e2bd64a73148e8a3d5d6d58f9
SHA512

26df1f20d773c009df88e440a484dd5feafc8f3ef46ddf90fcd465eb1c4b44bff112a44c2f79b9168aa64564bfd7a48ec14d110384e3d5d3944b9ada1460aee0
SSDEEP

1536:Ex4jk2LwtGGBCRLwZ0MQ6i98iZGmAT5hSXx93uf3gdTsypX7GufP16wzInBvOwv:VjLwtGLi0MQ6iS8ATo9efwfplP11zC

Score

10^/10

strrat discovery

Malware Config

Extracted

Family

strrat

C2

79.134.225.26:7888

Attributes

license_id
3CJV-H140-XWVJ-P21B-U6QX
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  9f431f7105d073752fd396105dc898ef
- Size
  
  94KB
- MD5
  
  9f431f7105d073752fd396105dc898ef
- SHA1
  
  62058bd9d3683d7a6983d36722fede080b87c3d3
- SHA256
  
  32cbcd636b3295b79872dc883f84bd3c5f378f9e2bd64a73148e8a3d5d6d58f9
- SHA512
  
  26df1f20d773c009df88e440a484dd5feafc8f3ef46ddf90fcd465eb1c4b44bff112a44c2f79b9168aa64564bfd7a48ec14d110384e3d5d3944b9ada1460aee0
- SSDEEP
  
  1536:Ex4jk2LwtGGBCRLwZ0MQ6i98iZGmAT5hSXx93uf3gdTsypX7GufP16wzInBvOwv:VjLwtGLi0MQ6iS8ATo9efwfplP11zC
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2