strrat | f153105a307e9bc3457b4203f1920a1cef9ac4e14bb1e460d24685b78781e1d7 | Triage

Sharing

General

Target

CTIKUL SOA.jar
Size

182KB
Sample

240322-h8elnaca3y
MD5

e811acc241956da28397cfc904a208f8
SHA1

53ae77b97e46e1c0ead31f9441bb93ff0b365750
SHA256

f153105a307e9bc3457b4203f1920a1cef9ac4e14bb1e460d24685b78781e1d7
SHA512

f0234c99c07523f9cc85574e387523696dd3d299dbdb83c4e975ead7af2b36452283392945168cb12da763e8ec2c95e9c2e205a9bfd4b74b8de52d1f97e1e4e3
SSDEEP

3072:AI4ZqwQ46LT9iV0R9STkczeU6HaZIhUSnFj5dKEem6noUxspzBVp:FjwUP0V0R9rRLF9+7oUxSl7

Score

10^/10

strrat discovery

Malware Config

Extracted

Family

strrat

C2

93.123.39.147:8088

Attributes

license_id
O1D2-3RSR-H341-QFWS-2MFD
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  CTIKUL SOA.jar
- Size
  
  182KB
- MD5
  
  e811acc241956da28397cfc904a208f8
- SHA1
  
  53ae77b97e46e1c0ead31f9441bb93ff0b365750
- SHA256
  
  f153105a307e9bc3457b4203f1920a1cef9ac4e14bb1e460d24685b78781e1d7
- SHA512
  
  f0234c99c07523f9cc85574e387523696dd3d299dbdb83c4e975ead7af2b36452283392945168cb12da763e8ec2c95e9c2e205a9bfd4b74b8de52d1f97e1e4e3
- SSDEEP
  
  3072:AI4ZqwQ46LT9iV0R9STkczeU6HaZIhUSnFj5dKEem6noUxspzBVp:FjwUP0V0R9rRLF9+7oUxSl7
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2