strrat | 8a0139670ac058d3c3c4fe64ba762b39e692f0cff7cc752ae438396ecd2ab0df | Triage

Sharing

General

Target

EUR-32608-Swift.jar
Size

209KB
Sample

240313-qgndgsdf9x
MD5

bab2e737e8f87c387d069a4ae9af3a68
SHA1

2e936d38afa51c8adf496a3c58e431d1ca5cbf3f
SHA256

8a0139670ac058d3c3c4fe64ba762b39e692f0cff7cc752ae438396ecd2ab0df
SHA512

75cc6ee4731c75b9d40c08588f3b3a23d06d04b409ecea976b3008ed0f785e52e50e82fceef5f918fa31bd2050da9f413666d3f224b1fd8425982aec6545d118
SSDEEP

6144:7mF8ZJdHV/cwxa2UzyQRLaVIM0qOu2P7VmyKk:7mCZHFTlUfGIM0quBKk

Score

10^/10

strrat discovery

Malware Config

Extracted

Family

strrat

C2

tzitziklishop3.ddns.net:7800

103.151.123.225:7800

Attributes

license_id
DB1U-CVGT-7HUG-X0A0-GNWH
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  EUR-32608-Swift.jar
- Size
  
  209KB
- MD5
  
  bab2e737e8f87c387d069a4ae9af3a68
- SHA1
  
  2e936d38afa51c8adf496a3c58e431d1ca5cbf3f
- SHA256
  
  8a0139670ac058d3c3c4fe64ba762b39e692f0cff7cc752ae438396ecd2ab0df
- SHA512
  
  75cc6ee4731c75b9d40c08588f3b3a23d06d04b409ecea976b3008ed0f785e52e50e82fceef5f918fa31bd2050da9f413666d3f224b1fd8425982aec6545d118
- SSDEEP
  
  6144:7mF8ZJdHV/cwxa2UzyQRLaVIM0qOu2P7VmyKk:7mCZHFTlUfGIM0quBKk
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2