strrat | cd95317ffcd0cf91eb2ce9fa6a0d062a9a1dab9fd278654b85172445873e5fcb | Triage

Sharing

General

Target

invoice58499.jar
Size

209KB
Sample

240223-snfnbsch2z
MD5

1f1f27ded1ea733d6be70e13bb1ecd60
SHA1

d03405a17b31e3f58ab90d4cb1ee08f9ba0cf131
SHA256

cd95317ffcd0cf91eb2ce9fa6a0d062a9a1dab9fd278654b85172445873e5fcb
SHA512

e8f50c947fb25b286185bbeda4ba70b2efbb545584e8f7ab018752f7dec84b1ea3aa13f052620b8e7f2d635d4e480cd3657af71cc29c524512b4cd35879a88c4
SSDEEP

3072:jVhrFK2o50lj/H9OtNodDZawwcSHpHA1QNPmnztEHb7yR7MBprhF19AyGZV4etuc:jp7jx1fwcCg1QNPmzmKdMBnF/c42

Score

10^/10

strrat discovery

Malware Config

Extracted

Family

strrat

C2

popintertradeer.ddns.net:7888

142.147.97.149:7888

Attributes

license_id
GLW8-JSOY-7FVW-SQ76-CUY0
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  invoice58499.jar
- Size
  
  209KB
- MD5
  
  1f1f27ded1ea733d6be70e13bb1ecd60
- SHA1
  
  d03405a17b31e3f58ab90d4cb1ee08f9ba0cf131
- SHA256
  
  cd95317ffcd0cf91eb2ce9fa6a0d062a9a1dab9fd278654b85172445873e5fcb
- SHA512
  
  e8f50c947fb25b286185bbeda4ba70b2efbb545584e8f7ab018752f7dec84b1ea3aa13f052620b8e7f2d635d4e480cd3657af71cc29c524512b4cd35879a88c4
- SSDEEP
  
  3072:jVhrFK2o50lj/H9OtNodDZawwcSHpHA1QNPmnztEHb7yR7MBprhF19AyGZV4etuc:jp7jx1fwcCg1QNPmzmKdMBnF/c42
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2