strrat | 88a9b4cfac5ba3a433942f8f4e489229f0fd694a7f9a78a8b6ca5cc5dc590e00 | Triage

Sharing

General

Target

MVO4879773357878.jar
Size

109KB
Sample

240329-p3gmdsha31
MD5

ee75fce2158c3587daa560419f122001
SHA1

760d09adceeb4903db4130ef0d28654915844d5d
SHA256

88a9b4cfac5ba3a433942f8f4e489229f0fd694a7f9a78a8b6ca5cc5dc590e00
SHA512

c1a4ce9bf70ced9adee8f2955573e65777bc3e4151dacca076502cbd8cb8af9ceb5735cfed73e2bb9d8617961a3862ef94f440d25ab9f948407705b1a88d4229
SSDEEP

3072:QOOwYuveeNu/6Xy8HZknOZ6Xdbx9kkTrxZKXZnmVOEvIT:KwdveeoiXy8Cny6Nbx9nrxZKJtEvS

Score

10^/10

strrat discovery

Malware Config

Extracted

Family

strrat

C2

d4money.dynamic-dns.net:7888

d4money.dynamic-dns.net:7881

Attributes

license_id
khonsari
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  MVO4879773357878.jar
- Size
  
  109KB
- MD5
  
  ee75fce2158c3587daa560419f122001
- SHA1
  
  760d09adceeb4903db4130ef0d28654915844d5d
- SHA256
  
  88a9b4cfac5ba3a433942f8f4e489229f0fd694a7f9a78a8b6ca5cc5dc590e00
- SHA512
  
  c1a4ce9bf70ced9adee8f2955573e65777bc3e4151dacca076502cbd8cb8af9ceb5735cfed73e2bb9d8617961a3862ef94f440d25ab9f948407705b1a88d4229
- SSDEEP
  
  3072:QOOwYuveeNu/6Xy8HZknOZ6Xdbx9kkTrxZKXZnmVOEvIT:KwdveeoiXy8Cny6Nbx9nrxZKJtEvS
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2