strrat | 3be0cdc4b221e128b5176c276018c0bfb942872bb8b5cc46b1e8c87c4b1e0f37 | Triage

Sharing

General

Target

a704635a31b878b7ccb0c3748be4c0a78050facb.jar.tar.gz
Size

202KB
Sample

240327-lt4tsahe79
MD5

df7cb27323f1646d763f4d1ff5a664da
SHA1

567237ed4b0506dd333bfa33164b97a0b0432a75
SHA256

3be0cdc4b221e128b5176c276018c0bfb942872bb8b5cc46b1e8c87c4b1e0f37
SHA512

c771b1ff425bc01d4d5f0c127d7ae58acd9aa9fd867698064c69bf7d062bea3761766a01b3a218108496890760fc0e93cd1eecc2616b91bbbc2b22c0c3ba6209
SSDEEP

6144:3xZUvzFZRVSeBJH9c6doW749rM87eCUa3kNvfC:BZUL7RVSIZeLrMF/FfC

Score

10^/10

strrat discovery

Malware Config

Extracted

Family

strrat

C2

tzitziklishop3.ddns.net:7800

103.151.123.225:7800

Attributes

license_id
DB1U-CVGT-7HUG-X0A0-GNWH
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  a704635a31b878b7ccb0c3748be4c0a78050facb.jar
- Size
  
  209KB
- MD5
  
  2631f382e1331a43ac6e6ad95e5388ca
- SHA1
  
  a704635a31b878b7ccb0c3748be4c0a78050facb
- SHA256
  
  a8feb910ca86e5082fbabffab4e148795772c8a334d25714a8d8b03cf84db50f
- SHA512
  
  c4ea3ce981c10ac065e714c27299ad60dc9abc12964f206bb7279db4388a1d08ee415407cc13074e54ab177f369c492ef9d17f93df598f32d25b6b0452c80c99
- SSDEEP
  
  6144:zKR81J1HN/AoduekzyURzqV8sQSeuKPLVmyKs:zK+1jdTBk/28sQSSRKs
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2