strrat | 64e8cb522a3a4664791c27512d94a911bc2fbcbae09b625976ff8ac6809819d3 | Triage

Sharing

General

Target

64e8cb522a3a4664791c27512d94a911bc2fbcbae09b625976ff8ac6809819d3.jar
Size

178KB
Sample

240319-cw7tsaeh62
MD5

0f0274c22f9479969a5c7991a81d7233
SHA1

4eda9e68ffc9158532fe53d7939c45db671192cc
SHA256

64e8cb522a3a4664791c27512d94a911bc2fbcbae09b625976ff8ac6809819d3
SHA512

dbb6fd8b6cf2e86d540e7275f8040ffe003bf7866bfe86623b9ae402229fae598fe7e59533b8f099bcce97fbde09aea7728783879eb5f2a92664a3a4034615a5
SSDEEP

3072:/+ySyCvkYdkYAdyztiaKSr4ppewn4Z1SnYikytLdnipAUGGepviEY+pNjcMWBd:/+t7kxddQtad4Z1GYik3cAF+gMW7

Score

10^/10

strrat discovery

Malware Config

Extracted

Family

strrat

C2

94.156.65.18:8088

Attributes

license_id
CERD-910S-RXCK-3Q9P-TMXX
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  64e8cb522a3a4664791c27512d94a911bc2fbcbae09b625976ff8ac6809819d3.jar
- Size
  
  178KB
- MD5
  
  0f0274c22f9479969a5c7991a81d7233
- SHA1
  
  4eda9e68ffc9158532fe53d7939c45db671192cc
- SHA256
  
  64e8cb522a3a4664791c27512d94a911bc2fbcbae09b625976ff8ac6809819d3
- SHA512
  
  dbb6fd8b6cf2e86d540e7275f8040ffe003bf7866bfe86623b9ae402229fae598fe7e59533b8f099bcce97fbde09aea7728783879eb5f2a92664a3a4034615a5
- SSDEEP
  
  3072:/+ySyCvkYdkYAdyztiaKSr4ppewn4Z1SnYikytLdnipAUGGepviEY+pNjcMWBd:/+t7kxddQtad4Z1GYik3cAF+gMW7
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2