strrat | 83f4d1fd06965361ddd76fb9d1c132a0f1b8dcbfbc41309f73ac152b8c922f43 | Triage

Sharing

General

Target

f9c912be352f38dce2c0e9743e9a46ba.bin
Size

202KB
Sample

240302-elwpwaad53
MD5

a723f6aa385473bf4fe35884b25d7def
SHA1

9772d6e9190e6dae023dcd3212ecc0c295130019
SHA256

83f4d1fd06965361ddd76fb9d1c132a0f1b8dcbfbc41309f73ac152b8c922f43
SHA512

79e335a46a1adb985bf012a5c3c14b8481dd1a5060d16466aecbcf4cd2090b355455516d2988e626c1e334ce4b8b0d23a21adf4719387d8afa23edef0f2b1aea
SSDEEP

6144:9QOt8JzYvCzn4A9nxhSY5xIbk0XE3P0C5Z:x8p4ixz2fOP0yZ

Score

10^/10

strrat discovery

Malware Config

Extracted

Family

strrat

C2

tzitziklishop3.ddns.net:7800

103.114.104.158:7800

Attributes

license_id
DB1U-CVGT-7HUG-X0A0-GNWH
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  21d2af8f6192380ebf0c91923df9a12a0d6b3c26f8478da73c8d8bf0d3963756.jar
- Size
  
  209KB
- MD5
  
  f9c912be352f38dce2c0e9743e9a46ba
- SHA1
  
  da2c05295eaff7e917a99b87c426d673f021a8ab
- SHA256
  
  21d2af8f6192380ebf0c91923df9a12a0d6b3c26f8478da73c8d8bf0d3963756
- SHA512
  
  14f7409a78cf4bd9f8b1943f24a9ecb591e5bc5e3eb25aa485f084c5881017f74faa3680ca83f4f732afbdd1361ee448d93ddc14a22858afcb490ed1a4bbb5fa
- SSDEEP
  
  6144:Ve/8hJTHV/SaxkiQzyORDGVWWUIYucPBVmyKT:VeUh1FjTQBaWWUIqTKT
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2