strrat | 541593de78f03a5c0fe6aa5146148b320daa1582e1940d8f53530daa9d839a18 | Triage

Sharing

General

Target

a3c158be8374abd88fa2017ed42b1993
Size

79KB
Sample

240225-pe82qsbb74
MD5

a3c158be8374abd88fa2017ed42b1993
SHA1

32a0e441efd32cfe7b052f4b39cec6bf7210ef0f
SHA256

541593de78f03a5c0fe6aa5146148b320daa1582e1940d8f53530daa9d839a18
SHA512

d3b15193f948d34bb6b7560e0fb51a228354bb3bf0c2b12836ebe38ac0e9f93968acff79d23d540c34f64c2ec241a4211a6e78613d4412362cfbff4f2eab22be
SSDEEP

1536:BUukjxiLjb9Atk31fd7UiBrqYYZ3Nz+2SN+n1cswwiCT3ZbR2OLaztWf31ns:ByjxiBAtuZjp/YNNz+2SN+n19di83ZbY

Score

10^/10

strrat discovery

Malware Config

Extracted

Family

strrat

C2

51.161.197.23:77

Attributes

license_id
Q700-KUYB-QL61-6VZM-ZMMN
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  a3c158be8374abd88fa2017ed42b1993
- Size
  
  79KB
- MD5
  
  a3c158be8374abd88fa2017ed42b1993
- SHA1
  
  32a0e441efd32cfe7b052f4b39cec6bf7210ef0f
- SHA256
  
  541593de78f03a5c0fe6aa5146148b320daa1582e1940d8f53530daa9d839a18
- SHA512
  
  d3b15193f948d34bb6b7560e0fb51a228354bb3bf0c2b12836ebe38ac0e9f93968acff79d23d540c34f64c2ec241a4211a6e78613d4412362cfbff4f2eab22be
- SSDEEP
  
  1536:BUukjxiLjb9Atk31fd7UiBrqYYZ3Nz+2SN+n1cswwiCT3ZbR2OLaztWf31ns:ByjxiBAtuZjp/YNNz+2SN+n19di83ZbY
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2