General

  • Target

    adb3339242b796ed48346e8d3228c8d3157ea01fbbf1590f3dbd255d62036b56.jar

  • Size

    64KB

  • Sample

    240323-cxmv1acc98

  • MD5

    c5ccda6e6a108412c4c34cd17f3b421d

  • SHA1

    e9d90ce1bc7881a45cea1a583ce41724f31310d2

  • SHA256

    adb3339242b796ed48346e8d3228c8d3157ea01fbbf1590f3dbd255d62036b56

  • SHA512

    1d7c10bfe158fa0c75750353ebd9102afcf3f74643d2a41f7ff8563b89bc395ca3470850d8fd84cd6a1d41c8cc2e0c2ab7b2f7a4979a481bd5492c8a591fa47e

  • SSDEEP

    1536:grXv/fcVMHH45ofDI4extOPLjOU09xJ9d3W4U0w:gL/xHY5SStOPLjwM4U3

Malware Config

Extracted

Family

strrat

C2

elastsolek21.duckdns.org:4781

zekeriyasolek45.duckdns.org:4781

Attributes
  • license_id

    WFC9-W4KB-388F-9KY1-S6JV

  • plugins_url

    http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5

  • scheduled_task

    true

  • secondary_startup

    true

  • startup

    true

Targets

    • Target

      adb3339242b796ed48346e8d3228c8d3157ea01fbbf1590f3dbd255d62036b56.jar

    • Size

      64KB

    • MD5

      c5ccda6e6a108412c4c34cd17f3b421d

    • SHA1

      e9d90ce1bc7881a45cea1a583ce41724f31310d2

    • SHA256

      adb3339242b796ed48346e8d3228c8d3157ea01fbbf1590f3dbd255d62036b56

    • SHA512

      1d7c10bfe158fa0c75750353ebd9102afcf3f74643d2a41f7ff8563b89bc395ca3470850d8fd84cd6a1d41c8cc2e0c2ab7b2f7a4979a481bd5492c8a591fa47e

    • SSDEEP

      1536:grXv/fcVMHH45ofDI4extOPLjOU09xJ9d3W4U0w:gL/xHY5SStOPLjwM4U3

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Drops startup file

    • Modifies file permissions

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

Execution

  • Scheduled Task/Job (T1053): 1

Persistence

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

  • Scheduled Task/Job (T1053): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

  • Scheduled Task/Job (T1053): 1

Defense Evasion

  • File and Directory Permissions Modification (T1222): 1

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 1

Tasks