strrat | 21d2af8f6192380ebf0c91923df9a12a0d6b3c26f8478da73c8d8bf0d3963756 | Triage

Sharing

General

Target

21d2af8f6192380ebf0c91923df9a12a0d6b3c26f8478da73c8d8bf0d3963756.jar
Size

209KB
Sample

240301-fp6vpadd68
MD5

f9c912be352f38dce2c0e9743e9a46ba
SHA1

da2c05295eaff7e917a99b87c426d673f021a8ab
SHA256

21d2af8f6192380ebf0c91923df9a12a0d6b3c26f8478da73c8d8bf0d3963756
SHA512

14f7409a78cf4bd9f8b1943f24a9ecb591e5bc5e3eb25aa485f084c5881017f74faa3680ca83f4f732afbdd1361ee448d93ddc14a22858afcb490ed1a4bbb5fa
SSDEEP

6144:Ve/8hJTHV/SaxkiQzyORDGVWWUIYucPBVmyKT:VeUh1FjTQBaWWUIqTKT

Score

10^/10

strrat discovery

Malware Config

Extracted

Family

strrat

C2

tzitziklishop3.ddns.net:7800

103.114.104.158:7800

Attributes

license_id
DB1U-CVGT-7HUG-X0A0-GNWH
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  21d2af8f6192380ebf0c91923df9a12a0d6b3c26f8478da73c8d8bf0d3963756.jar
- Size
  
  209KB
- MD5
  
  f9c912be352f38dce2c0e9743e9a46ba
- SHA1
  
  da2c05295eaff7e917a99b87c426d673f021a8ab
- SHA256
  
  21d2af8f6192380ebf0c91923df9a12a0d6b3c26f8478da73c8d8bf0d3963756
- SHA512
  
  14f7409a78cf4bd9f8b1943f24a9ecb591e5bc5e3eb25aa485f084c5881017f74faa3680ca83f4f732afbdd1361ee448d93ddc14a22858afcb490ed1a4bbb5fa
- SSDEEP
  
  6144:Ve/8hJTHV/SaxkiQzyORDGVWWUIYucPBVmyKT:VeUh1FjTQBaWWUIqTKT
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2