strrat | b1b3403d8ae2871c50f7a5cdb7f9d83634a83c23072468fe71d0538c912bbad8 | Triage

Sharing

General

Target

AMENDED PO-120004445-4100126520.jar
Size

172KB
Sample

240321-vqtzvaef4t
MD5

fb8a3018ade8d911f0c205d832c3279d
SHA1

16e480ffe0238e85318ad5ddd370ce55f296dd2d
SHA256

b1b3403d8ae2871c50f7a5cdb7f9d83634a83c23072468fe71d0538c912bbad8
SHA512

2a25900dc96f50e04ccd9a1dfc4dc202b7ae8dfa63c099058cd9f237aaddde2a669b9ba4e7f822f71b7b01027cc4923703760ed7c4ea168b2fe9462b475833cd
SSDEEP

3072:JwtgWCeR01ZvdgOpw8CNc45gOI5IM7hSIhesNMqeD9mcvyJGJ5fjjh1:qtgWkppuc4Fy7UIhes2548fv/

Score

10^/10

strrat discovery

Malware Config

Extracted

Family

strrat

C2

193.25.214.192:8238

Attributes

license_id
BTK7-0GGP-XV7B-WYAO-3UER
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  AMENDED PO-120004445-4100126520.jar
- Size
  
  172KB
- MD5
  
  fb8a3018ade8d911f0c205d832c3279d
- SHA1
  
  16e480ffe0238e85318ad5ddd370ce55f296dd2d
- SHA256
  
  b1b3403d8ae2871c50f7a5cdb7f9d83634a83c23072468fe71d0538c912bbad8
- SHA512
  
  2a25900dc96f50e04ccd9a1dfc4dc202b7ae8dfa63c099058cd9f237aaddde2a669b9ba4e7f822f71b7b01027cc4923703760ed7c4ea168b2fe9462b475833cd
- SSDEEP
  
  3072:JwtgWCeR01ZvdgOpw8CNc45gOI5IM7hSIhesNMqeD9mcvyJGJ5fjjh1:qtgWkppuc4Fy7UIhes2548fv/
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2