strrat | fd1f2d7ef1b439e6ade27864ba09044b2174781f939bde0afb5ad15b0e51a4ee | Triage

Sharing

General

Target

1f1f27ded1ea733d6be70e13bb1ecd60.bin
Size

202KB
Sample

240225-bmma2she78
MD5

278052b39c7ecd68d49d3d7389237766
SHA1

24b3d02cbb7c859397094f046da521a7e1800680
SHA256

fd1f2d7ef1b439e6ade27864ba09044b2174781f939bde0afb5ad15b0e51a4ee
SHA512

db11127ab40a6e4e1ec4b51b314ac4f50e13d0dbb02b8116b0c7f76f2776d1f20e7a75263b993086047b84c86187ad42dc18fdb1076d21c2b1f76d3356b8d73a
SSDEEP

6144:0VodDWWMByHkxED7bac1VKr4Gnn3LQMP/:0rtjcXK0iJP/

Score

10^/10

strrat discovery

Malware Config

Extracted

Family

strrat

C2

popintertradeer.ddns.net:7888

142.147.97.149:7888

Attributes

license_id
GLW8-JSOY-7FVW-SQ76-CUY0
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  cd95317ffcd0cf91eb2ce9fa6a0d062a9a1dab9fd278654b85172445873e5fcb.jar
- Size
  
  209KB
- MD5
  
  1f1f27ded1ea733d6be70e13bb1ecd60
- SHA1
  
  d03405a17b31e3f58ab90d4cb1ee08f9ba0cf131
- SHA256
  
  cd95317ffcd0cf91eb2ce9fa6a0d062a9a1dab9fd278654b85172445873e5fcb
- SHA512
  
  e8f50c947fb25b286185bbeda4ba70b2efbb545584e8f7ab018752f7dec84b1ea3aa13f052620b8e7f2d635d4e480cd3657af71cc29c524512b4cd35879a88c4
- SSDEEP
  
  3072:jVhrFK2o50lj/H9OtNodDZawwcSHpHA1QNPmnztEHb7yR7MBprhF19AyGZV4etuc:jp7jx1fwcCg1QNPmzmKdMBnF/c42
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2