strrat | 36bf584a3c3ece520fb889a475ca4e2976925e70f5d240b2020ea7f882839fb8 | Triage

Sharing

General

Target

3333050c3c251d6d86514742a16005e4.bin
Size

202KB
Sample

240304-b6hrzafc85
MD5

1f684bd47ddeec038ad488755b12e058
SHA1

be330d9942b18166e3615aca5a103390fb35a766
SHA256

36bf584a3c3ece520fb889a475ca4e2976925e70f5d240b2020ea7f882839fb8
SHA512

f7949bf08ec97f119fcb9efa5e858c29081d80cc29d1602416b78007eff0e879ae7b817b3f8c85b96fc055766c6e72f6b945fc32a35dd4146aed98bb6a0ef2d0
SSDEEP

3072:TJB1VgW1KIJXr4ItnUqkBrrWOiH933EVd1K5IcWzjpbhErWbsXOnTiXGp0:TlyW1KANtU/S93Ads5gzjDkW4EiXGp0

Score

10^/10

strrat discovery

Malware Config

Extracted

Family

strrat

C2

tzitziklishop3.ddns.net:7800

103.114.104.158:7800

Attributes

license_id
DB1U-CVGT-7HUG-X0A0-GNWH
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  67e00d139b6348ec53d26f3cdcc3e958fe76a35ea933199a615e210667a5ade7.jar
- Size
  
  209KB
- MD5
  
  3333050c3c251d6d86514742a16005e4
- SHA1
  
  672122d7cb8b07c939f4bf1415e9c253bd3e41e4
- SHA256
  
  67e00d139b6348ec53d26f3cdcc3e958fe76a35ea933199a615e210667a5ade7
- SHA512
  
  208d54ece920d384dd8a025c3c70114ec040713c3aa6991f574fa343853d2f098bc8bebc213f35f605c6c3c52d72be1f51d5a48f77ff76a959cffac5d1d78559
- SSDEEP
  
  6144:fm98tJ9Hd/A8FSywzy4RrCVws46CumPHVmyKk:fmatjt7Rw/ews46qNKk
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2