strrat | aeb931a31e504502a4664a86d7e15ee70f714caaaf74328a1b2d8690c25abef3 | Triage

Sharing

General

Target

3ad9f755a0629188254d9f380bf9a6c0_JaffaCakes118
Size

184KB
Sample

240330-nk371aef24
MD5

3ad9f755a0629188254d9f380bf9a6c0
SHA1

64b96a7937d56c2efb0d25be62a7cedb004b8cd3
SHA256

aeb931a31e504502a4664a86d7e15ee70f714caaaf74328a1b2d8690c25abef3
SHA512

b9555db22a04af028c57ee3e95f48c80dc28e839f68d14653dad18e8abb3ca461f86004b2cd81bb16a3e1bc56e5098f05ec5dbfe2c0cf2a72fe2ab1f73d8d151
SSDEEP

3072:DQaseAJKMlsl+egEUWAFeY4dOQjMCV2GEccpa0GKGjX/4Tv6fNuOvZpzSM9wddOb:0aselMlsAegEUWAFb4CCV2/ccpxGwu0w

Score

10^/10

strrat discovery

Malware Config

Extracted

Family

strrat

C2

31.210.20.102:2664

127.0.0.1:2664

Attributes

license_id
FDFL-86AF-249Z-UP6D-RTBW
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  3ad9f755a0629188254d9f380bf9a6c0_JaffaCakes118
- Size
  
  184KB
- MD5
  
  3ad9f755a0629188254d9f380bf9a6c0
- SHA1
  
  64b96a7937d56c2efb0d25be62a7cedb004b8cd3
- SHA256
  
  aeb931a31e504502a4664a86d7e15ee70f714caaaf74328a1b2d8690c25abef3
- SHA512
  
  b9555db22a04af028c57ee3e95f48c80dc28e839f68d14653dad18e8abb3ca461f86004b2cd81bb16a3e1bc56e5098f05ec5dbfe2c0cf2a72fe2ab1f73d8d151
- SSDEEP
  
  3072:DQaseAJKMlsl+egEUWAFeY4dOQjMCV2GEccpa0GKGjX/4Tv6fNuOvZpzSM9wddOb:0aselMlsAegEUWAFb4CCV2/ccpxGwu0w
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2