strrat | e35370cb7c8691b5fdd9f57f3f462807b40b067e305ce30eabc16e0642eca06b | Triage

Sharing

General

Target

SalykFormJavaKZ.jar
Size

219KB
Sample

240219-tz7rmagf69
MD5

d0aed4975f9801c4b43148877db005f2
SHA1

db0a00cc513cf289d7cd7d63904b2298c0470421
SHA256

e35370cb7c8691b5fdd9f57f3f462807b40b067e305ce30eabc16e0642eca06b
SHA512

9ccbaf4c988abf8e4f32b8250510635bf6f4b40757c9b9521641c5fffc94f84207af9711fba8593904a6caf95e6c8eaae186c9ad14f47d519bd5929738bf226b
SSDEEP

3072:pCzWri3o5f2bxizASvhSkbExhjWtOdvubfIBVvaFo495OsqBMAM/eGJl825Miek:EV3U6MhSkbKldmIBVF4yBq/eslzGc

Score

10^/10

strrat discovery

Malware Config

Extracted

Family

strrat

C2

https://pastebin.com/raw/8umPhg86:13771

https://pastebin.com/raw/67b8GSUQ:13672

Attributes

license_id
AP9X-81G0-30TN-HSIO-6SFI
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  SalykFormJavaKZ.jar
- Size
  
  219KB
- MD5
  
  d0aed4975f9801c4b43148877db005f2
- SHA1
  
  db0a00cc513cf289d7cd7d63904b2298c0470421
- SHA256
  
  e35370cb7c8691b5fdd9f57f3f462807b40b067e305ce30eabc16e0642eca06b
- SHA512
  
  9ccbaf4c988abf8e4f32b8250510635bf6f4b40757c9b9521641c5fffc94f84207af9711fba8593904a6caf95e6c8eaae186c9ad14f47d519bd5929738bf226b
- SSDEEP
  
  3072:pCzWri3o5f2bxizASvhSkbExhjWtOdvubfIBVvaFo495OsqBMAM/eGJl825Miek:EV3U6MhSkbKldmIBVF4yBq/eslzGc
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2