strrat | 26409557fae189649d0979f398b455c1c5ca4399519ece1c4133db745c207fe3 | Triage

Sharing

General

Target

67803465783202172024.PDF.zip
Size

215KB
Sample

240220-h67vesdh57
MD5

2fde0d14a30e2cd89b347d6a51b1fa02
SHA1

47c50800804e4fc1c13c39261419f7c31cf21a4b
SHA256

26409557fae189649d0979f398b455c1c5ca4399519ece1c4133db745c207fe3
SHA512

3a839753eda176a92e272ce62bd9965cf6490638a71e54c251aed5f2223541f5286f7b306a20bc95624eca404acabbb715be847bb7b9de4754747668b7d56d9b
SSDEEP

6144:R/P0GpN8C8GpSJZK+CdydPdIpGBbMc9UujhHJpv6H:R/P0GpN8CNofpCMdFHNjZJpCH

Score

10^/10

strrat discovery

Malware Config

Extracted

Family

strrat

C2

freeman.dsmtp.com:8082

Attributes

license_id
khonsari
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  67803465783202172024.PDF.jar
- Size
  
  222KB
- MD5
  
  169327613f58d6f672b61baa0b1e62a7
- SHA1
  
  677b3834020234903eac5266a43737a445070191
- SHA256
  
  81c4d89e77524faab2fd20e4fc2ebeec3af8c0bebfe598847c0d1afbd0245e5e
- SHA512
  
  8263c399e1b95393063ae2ba548efa3c0d556e747fb85f058756d9e331889aa94c710eec50322bdf8b5887b9f89e96a91efd4e061e267349eb19d9e297f99e79
- SSDEEP
  
  6144:WvVDmmNNp7JoEJ1zp9i9c5uPpKt9GXB7axe:WDPRT1F9Cc5uO9GR7aM
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2