strrat | fe05fed36a2b6c2118716120f085ebc72a3baad8e3372942e57926731c8919ab | Triage

Sharing

General

Target

shipping bill.jar
Size

126KB
Sample

240226-pffrksdc75
MD5

31ac77837bcf9eab9de823001a548afe
SHA1

06925f6d41bf7d2a04989095feb9a641e069ae17
SHA256

fe05fed36a2b6c2118716120f085ebc72a3baad8e3372942e57926731c8919ab
SHA512

15d6cf4d1740302258dbf690b88dce0ba9fcf5d36f57244d688d5009952c182a8db71d0e10925f15d2c9ff2201057dcc910a4e2abc2400971b5c9f267f828f11
SSDEEP

3072:bQskmZaPlSPkevgkUlMyr9VhMQknMaxDKLc5QHN8Qbf:7UdYvgj2iMMalBCNj7

Score

10^/10

strrat discovery

Malware Config

Extracted

Family

strrat

C2

chevronciti.dns05.com:7888

chevronciti.dns05.com:7881

Attributes

license_id
khonsari
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  shipping bill.jar
- Size
  
  126KB
- MD5
  
  31ac77837bcf9eab9de823001a548afe
- SHA1
  
  06925f6d41bf7d2a04989095feb9a641e069ae17
- SHA256
  
  fe05fed36a2b6c2118716120f085ebc72a3baad8e3372942e57926731c8919ab
- SHA512
  
  15d6cf4d1740302258dbf690b88dce0ba9fcf5d36f57244d688d5009952c182a8db71d0e10925f15d2c9ff2201057dcc910a4e2abc2400971b5c9f267f828f11
- SSDEEP
  
  3072:bQskmZaPlSPkevgkUlMyr9VhMQknMaxDKLc5QHN8Qbf:7UdYvgj2iMMalBCNj7
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2