strrat | 18c9eb77a8395a0f4c8c5d1ffefd3155e142fabb4b7516678e56f56704bd257e | Triage

Sharing

General

Target

b6211e0aea888d1d1502812dc2a6e26c.bin
Size

202KB
Sample

240304-d8gzkagh4x
MD5

7ce1c24bf5c13b953619a9f2f96f3065
SHA1

f3fc2fcd7470d912c808c1812c3cef43f909d391
SHA256

18c9eb77a8395a0f4c8c5d1ffefd3155e142fabb4b7516678e56f56704bd257e
SHA512

8fcf43e8a8a9eb09a0c9533b5c7dd8cf0d329f2b9a64427a333b219be90a979a7b9cbc3089734b2f034249eec007cc042b7d2e62e3b10c66798c5d34b146807e
SSDEEP

3072:6V6pHmVs3KdpC1BWd3whnXZNhlA8sYUtT8IEeOxdtiVzfr7VvytZO+skWCjmKxb9:L2tC1AdghnXLhroE3toD7VTkW+mKj

Score

10^/10

strrat discovery

Malware Config

Extracted

Family

strrat

C2

tzitziklishop3.ddns.net:7800

103.114.104.158:7800

Attributes

license_id
DB1U-CVGT-7HUG-X0A0-GNWH
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  79098273db492173009ed9fdd408224f010bb6222a09f4f93fcc6de5bf324acc.jar
- Size
  
  209KB
- MD5
  
  b6211e0aea888d1d1502812dc2a6e26c
- SHA1
  
  8f0e44f2128b2451dd681f7c807ecdba1283f0c4
- SHA256
  
  79098273db492173009ed9fdd408224f010bb6222a09f4f93fcc6de5bf324acc
- SHA512
  
  0021749654fe4d56163fda85a975e7335820becaa8889dec59a7b35d3faa97dc67f0516b77257a7881c45b5c4cc66829ba8b4d830cf3c0160af79ddda460770b
- SSDEEP
  
  6144:J2j85JHHl/6C1kOQzyaRfiVO6w0UuwPdVmyKw:J2Y59VHXQVqO6w02PKw
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2