strrat | 79098273db492173009ed9fdd408224f010bb6222a09f4f93fcc6de5bf324acc | Triage

Sharing

General

Target

79098273db492173009ed9fdd408224f010bb6222a09f4f93fcc6de5bf324acc.jar
Size

209KB
Sample

240303-fyt79adh72
MD5

b6211e0aea888d1d1502812dc2a6e26c
SHA1

8f0e44f2128b2451dd681f7c807ecdba1283f0c4
SHA256

79098273db492173009ed9fdd408224f010bb6222a09f4f93fcc6de5bf324acc
SHA512

0021749654fe4d56163fda85a975e7335820becaa8889dec59a7b35d3faa97dc67f0516b77257a7881c45b5c4cc66829ba8b4d830cf3c0160af79ddda460770b
SSDEEP

6144:J2j85JHHl/6C1kOQzyaRfiVO6w0UuwPdVmyKw:J2Y59VHXQVqO6w02PKw

Score

10^/10

strrat discovery

Malware Config

Extracted

Family

strrat

C2

tzitziklishop3.ddns.net:7800

103.114.104.158:7800

Attributes

license_id
DB1U-CVGT-7HUG-X0A0-GNWH
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  79098273db492173009ed9fdd408224f010bb6222a09f4f93fcc6de5bf324acc.jar
- Size
  
  209KB
- MD5
  
  b6211e0aea888d1d1502812dc2a6e26c
- SHA1
  
  8f0e44f2128b2451dd681f7c807ecdba1283f0c4
- SHA256
  
  79098273db492173009ed9fdd408224f010bb6222a09f4f93fcc6de5bf324acc
- SHA512
  
  0021749654fe4d56163fda85a975e7335820becaa8889dec59a7b35d3faa97dc67f0516b77257a7881c45b5c4cc66829ba8b4d830cf3c0160af79ddda460770b
- SSDEEP
  
  6144:J2j85JHHl/6C1kOQzyaRfiVO6w0UuwPdVmyKw:J2Y59VHXQVqO6w02PKw
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2