strrat | 3a1f6872728b85b1777450badac363ede549d11d2144b5af35035c1e0da60de9 | Triage

Sharing

General

Target

a405af40a581ee2f0408f195eac26dc9
Size

99KB
Sample

240225-rtspeaef2w
MD5

a405af40a581ee2f0408f195eac26dc9
SHA1

89070bac1eff692f089c431d6b95ad64095e77c9
SHA256

3a1f6872728b85b1777450badac363ede549d11d2144b5af35035c1e0da60de9
SHA512

8fcd879ecb732b1c953dfd3a73b5433357fa56f850f99b202504828e8f1b8b2a6b3ec5f69c062480b14530468b3b60695fc52b5c47682d9b653b78b68797b59c
SSDEEP

3072:qES7fGr+2adei9woomfn9FvfjxJOFlPDtH:qES4+2adbH7fjfIDtH

Score

10^/10

strrat discovery

Malware Config

Extracted

Family

strrat

C2

103.133.105.29:2664

127.0.0.1:2664

Attributes

license_id
FDFL-86AF-249Z-UP6D-RTBW
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  a405af40a581ee2f0408f195eac26dc9
- Size
  
  99KB
- MD5
  
  a405af40a581ee2f0408f195eac26dc9
- SHA1
  
  89070bac1eff692f089c431d6b95ad64095e77c9
- SHA256
  
  3a1f6872728b85b1777450badac363ede549d11d2144b5af35035c1e0da60de9
- SHA512
  
  8fcd879ecb732b1c953dfd3a73b5433357fa56f850f99b202504828e8f1b8b2a6b3ec5f69c062480b14530468b3b60695fc52b5c47682d9b653b78b68797b59c
- SSDEEP
  
  3072:qES7fGr+2adei9woomfn9FvfjxJOFlPDtH:qES4+2adbH7fjfIDtH
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2