strrat | 5df03f19b8aa32a39b1f91c33ee5f9ae4d2c4027e3f793389ff843c34e073b97 | Triage

Sharing

General

Target

Quotation.jar
Size

178KB
Sample

240321-g663fseg2x
MD5

64e3a4b3d5db601ce4d8e204a2e00c87
SHA1

2642402b4bc5fdd3623e3887ed96318de57d1187
SHA256

5df03f19b8aa32a39b1f91c33ee5f9ae4d2c4027e3f793389ff843c34e073b97
SHA512

d3cf8305465bbfe9e5b58b7102871bf86aaf621d462749f17fcd0f727585adb3dcda59bdf60cc13922ce36b544010195c1024273bf0c26bda4ff4e6dcb3f05be
SSDEEP

3072:3+KW+iHgY5kQodGjZiyK2X4xBacn451qnYicydLdfixUUGG+pniEY2pNjUgSvy:3+9ngppd0ZWJ451eYicbQ4F24gSq

Score

10^/10

strrat discovery

Malware Config

Extracted

Family

strrat

C2

91.92.255.88:8088

Attributes

license_id
CERD-910S-RXCK-3Q9P-TMXX
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  Quotation.jar
- Size
  
  178KB
- MD5
  
  64e3a4b3d5db601ce4d8e204a2e00c87
- SHA1
  
  2642402b4bc5fdd3623e3887ed96318de57d1187
- SHA256
  
  5df03f19b8aa32a39b1f91c33ee5f9ae4d2c4027e3f793389ff843c34e073b97
- SHA512
  
  d3cf8305465bbfe9e5b58b7102871bf86aaf621d462749f17fcd0f727585adb3dcda59bdf60cc13922ce36b544010195c1024273bf0c26bda4ff4e6dcb3f05be
- SSDEEP
  
  3072:3+KW+iHgY5kQodGjZiyK2X4xBacn451qnYicydLdfixUUGG+pniEY2pNjUgSvy:3+9ngppd0ZWJ451eYicbQ4F24gSq
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2