strrat | ca9d7a7c040125eed02d41543978fc9b9f9f0d084f0d0a5c1a3f99a21e0f400b | Triage

Sharing

General

Target

70ba18fc4b0a9904afad5f33870df249_JaffaCakes118
Size

184KB
Sample

240401-njxc3ada8y
MD5

70ba18fc4b0a9904afad5f33870df249
SHA1

ff4e7f67c62ede5dfd3513c9b6475ff2cbc1b019
SHA256

ca9d7a7c040125eed02d41543978fc9b9f9f0d084f0d0a5c1a3f99a21e0f400b
SHA512

061fba8446ed801e2daccc6d7ab911590b923941d3afc6a694fa930fb06f620a1c7908a84d22bc29ac70d6b533159168cdad201c73ee0d24bb7389f133b3f201
SSDEEP

3072:iIni6Tvrnam+8nraDdoRi73IdqwkK2yWoLL8NkbJJ74mMXr57w0AkBUQ:C6Lra1gi737wkK29Nk09XhAkBUQ

Score

10^/10

strrat discovery

Malware Config

Extracted

Family

strrat

C2

31.210.20.164:4292

127.0.0.1:4292

Attributes

license_id
61DP-MVTK-7F5S-QIGT-AV1H
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  70ba18fc4b0a9904afad5f33870df249_JaffaCakes118
- Size
  
  184KB
- MD5
  
  70ba18fc4b0a9904afad5f33870df249
- SHA1
  
  ff4e7f67c62ede5dfd3513c9b6475ff2cbc1b019
- SHA256
  
  ca9d7a7c040125eed02d41543978fc9b9f9f0d084f0d0a5c1a3f99a21e0f400b
- SHA512
  
  061fba8446ed801e2daccc6d7ab911590b923941d3afc6a694fa930fb06f620a1c7908a84d22bc29ac70d6b533159168cdad201c73ee0d24bb7389f133b3f201
- SSDEEP
  
  3072:iIni6Tvrnam+8nraDdoRi73IdqwkK2yWoLL8NkbJJ74mMXr57w0AkBUQ:C6Lra1gi737wkK29Nk09XhAkBUQ
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2