strrat | ede6d3a6701e52285599fbb007f446572fbf8c7e1da1deb21c1f0526fd661e3f | Triage

Sharing

General

Target

2d5d4212065ca4cd30b1db90d381a709.bin
Size

202KB
Sample

240304-b24hwaed4y
MD5

c1b5a3ba465c1ed30ab6d04d0d189f22
SHA1

9a0607a8863a1d6c43d163fd1fecafb5a4269b92
SHA256

ede6d3a6701e52285599fbb007f446572fbf8c7e1da1deb21c1f0526fd661e3f
SHA512

5f7b7200049cf3116a7f6a7e117e8fa8529d9b6b23f9d40e91824247411c22809a5276f9c49bf86aa7b9acf64324533029cc207ac3425d064064b5afc5d979b7
SSDEEP

3072:1E/FJrAXAinPzzLGviaDDTu9oEno79vMQ1toJZorbzYl7WxZ4RolWx2S3Iq9qQiR:adVhiLGvdTu9To7SQ4JZRl0lbtq9q95p

Score

10^/10

strrat discovery

Malware Config

Extracted

Family

strrat

C2

tzitziklishop3.ddns.net:7800

103.114.104.158:7800

Attributes

license_id
DB1U-CVGT-7HUG-X0A0-GNWH
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  63c6996a03acda7db008bf6d1522b06efdff5fcdf7103b31767ebd47cee72a59.jar
- Size
  
  209KB
- MD5
  
  2d5d4212065ca4cd30b1db90d381a709
- SHA1
  
  932d1a564bcbf46488d9797c8bfe4463390d0799
- SHA256
  
  63c6996a03acda7db008bf6d1522b06efdff5fcdf7103b31767ebd47cee72a59
- SHA512
  
  e8e39bbdf062a6097e99752c845ef8ccbe705bce5251c5a68905cfcfcf6139e722cacaaaab733a82b54323b651e5edff07cfff65b3103175f938dceb39cedc37
- SSDEEP
  
  6144:+Io8hJ0H//T5pbC8zylRdUVR36TduPPGVmyKb:+IxhuXnm8WGR36Ti6Kb
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2