strrat | 00d5640fdd3c1dd3baca7b092ec5aba640394a254477f79a9a58e2c9732babeb | Triage

Sharing

General

Target

58033c34f29d72ad5baebf2193d17d73_JaffaCakes118
Size

184KB
Sample

240331-tkqvkafb24
MD5

58033c34f29d72ad5baebf2193d17d73
SHA1

780ef4d0957c081f17928c16a21cda1240c0a2a0
SHA256

00d5640fdd3c1dd3baca7b092ec5aba640394a254477f79a9a58e2c9732babeb
SHA512

5e90aa6de3bfe2f2e7c60262504f3ae1f6b34d3fe6e2810230a764440ee0bac91409d4011ae0756582051766f9e4be88c26ba630374cd70093119ecb603c8808
SSDEEP

3072:xzoOjHvZrRuCuCg37SKJ3rCFF24ht9LLznwaJuSchmi+Kjyk9A6ppq/DdmHjN/j3:xzrbZrMWNv5TJK99jERcDhmpE

Score

10^/10

strrat discovery

Malware Config

Extracted

Family

strrat

C2

31.210.20.102:2664

127.0.0.1:2664

Attributes

license_id
FDFL-86AF-249Z-UP6D-RTBW
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  58033c34f29d72ad5baebf2193d17d73_JaffaCakes118
- Size
  
  184KB
- MD5
  
  58033c34f29d72ad5baebf2193d17d73
- SHA1
  
  780ef4d0957c081f17928c16a21cda1240c0a2a0
- SHA256
  
  00d5640fdd3c1dd3baca7b092ec5aba640394a254477f79a9a58e2c9732babeb
- SHA512
  
  5e90aa6de3bfe2f2e7c60262504f3ae1f6b34d3fe6e2810230a764440ee0bac91409d4011ae0756582051766f9e4be88c26ba630374cd70093119ecb603c8808
- SSDEEP
  
  3072:xzoOjHvZrRuCuCg37SKJ3rCFF24ht9LLznwaJuSchmi+Kjyk9A6ppq/DdmHjN/j3:xzrbZrMWNv5TJK99jERcDhmpE
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2