strrat | 80658759ad67edd23bc4cbfaba5e2add421ff794772ddffe24174b6f25904087 | Triage

Sharing

General

Target

75ca8e8dcf4e6d4d4e641c4a968daa19_JaffaCakes118
Size

184KB
Sample

240401-vs48laac8w
MD5

75ca8e8dcf4e6d4d4e641c4a968daa19
SHA1

1b5f0941d329fc14f56451c0e1c94d68fcec17ec
SHA256

80658759ad67edd23bc4cbfaba5e2add421ff794772ddffe24174b6f25904087
SHA512

dcb0d44d370ecc9acb57b97eb63c473028277c9621e11b646a2d935699b43e3ea830feed4128ce1e583adbf433f3af595ea6533525ba03731bbb942d989390b6
SSDEEP

3072:h72/CkY3miW9kLPBcanX3z8MlMDrGNZ1Ii0M0GVarNWtOQDaj19JYZ4+x0oe1:h72akOc/KZ1N0M0+c82tq440oe1

Score

10^/10

strrat discovery

Malware Config

Extracted

Family

strrat

C2

31.210.20.102:2664

127.0.0.1:2664

Attributes

license_id
FDFL-86AF-249Z-UP6D-RTBW
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  75ca8e8dcf4e6d4d4e641c4a968daa19_JaffaCakes118
- Size
  
  184KB
- MD5
  
  75ca8e8dcf4e6d4d4e641c4a968daa19
- SHA1
  
  1b5f0941d329fc14f56451c0e1c94d68fcec17ec
- SHA256
  
  80658759ad67edd23bc4cbfaba5e2add421ff794772ddffe24174b6f25904087
- SHA512
  
  dcb0d44d370ecc9acb57b97eb63c473028277c9621e11b646a2d935699b43e3ea830feed4128ce1e583adbf433f3af595ea6533525ba03731bbb942d989390b6
- SSDEEP
  
  3072:h72/CkY3miW9kLPBcanX3z8MlMDrGNZ1Ii0M0GVarNWtOQDaj19JYZ4+x0oe1:h72akOc/KZ1N0M0+c82tq440oe1
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2