strrat | 8dd3b1a8146a6e777fa6b3e9f69071058aa73f756876c88f4c8e9be17e4a6483 | Triage

Sharing

General

Target

NEW ORDER FOR MARCH.jar
Size

209KB
Sample

240229-h3slbsab72
MD5

288df8ebedd13b531e74c5f9ce730b2c
SHA1

5560f86aa3370b500a71837494da09ba7ba35516
SHA256

8dd3b1a8146a6e777fa6b3e9f69071058aa73f756876c88f4c8e9be17e4a6483
SHA512

d017ebfdff1765759a66006785ed51024ef14b615090368aaff2c92e4b2bfcdc25e41ee3f146eecb51b724b50b7e5ec6d10584cea427e1a34bf6a86ff293364d
SSDEEP

6144:qEw8tJIH//nRBnmszyNRJAVdjifpuHPqVmyKd:qE5t6XbmsCudjifyeKd

Score

10^/10

strrat discovery

Malware Config

Extracted

Family

strrat

C2

tzitziklishop3.ddns.net:7800

103.114.104.158:7800

Attributes

license_id
DB1U-CVGT-7HUG-X0A0-GNWH
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  NEW ORDER FOR MARCH.jar
- Size
  
  209KB
- MD5
  
  288df8ebedd13b531e74c5f9ce730b2c
- SHA1
  
  5560f86aa3370b500a71837494da09ba7ba35516
- SHA256
  
  8dd3b1a8146a6e777fa6b3e9f69071058aa73f756876c88f4c8e9be17e4a6483
- SHA512
  
  d017ebfdff1765759a66006785ed51024ef14b615090368aaff2c92e4b2bfcdc25e41ee3f146eecb51b724b50b7e5ec6d10584cea427e1a34bf6a86ff293364d
- SSDEEP
  
  6144:qEw8tJIH//nRBnmszyNRJAVdjifpuHPqVmyKd:qE5t6XbmsCudjifyeKd
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2