strrat | 62229e0f4da3175320dff7b4783a373c6ede87d20ca8caff6b21a3674610509c | Triage

Sharing

General

Target

98f7c08f8008f97e210bfc4d00dbe4a1_JaffaCakes118
Size

184KB
Sample

240402-2h56gafh26
MD5

98f7c08f8008f97e210bfc4d00dbe4a1
SHA1

30f02ead4606acf7ffb8a9b3a1f2423475c3ff2e
SHA256

62229e0f4da3175320dff7b4783a373c6ede87d20ca8caff6b21a3674610509c
SHA512

3cc83e48aa36129876fef5b734efdc7aa35197b36fcc66840c4605dadab5b61159269a71e33425bb1c2f3bda2ae0f49666dca619fb399a10f7dd647c7cb94564
SSDEEP

3072:DubgnBkFAuzvIIMglu8Ibx5xQmQHL8SVZZRa6M8qTYvKRLl06XvthablD3b4OU4M:6bkiKUI1BBx5x8BFRa6fUjrtiTb4pQ1Q

Score

10^/10

strrat discovery

Malware Config

Extracted

Family

strrat

C2

31.210.20.164:4292

127.0.0.1:4292

Attributes

license_id
61DP-MVTK-7F5S-QIGT-AV1H
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  98f7c08f8008f97e210bfc4d00dbe4a1_JaffaCakes118
- Size
  
  184KB
- MD5
  
  98f7c08f8008f97e210bfc4d00dbe4a1
- SHA1
  
  30f02ead4606acf7ffb8a9b3a1f2423475c3ff2e
- SHA256
  
  62229e0f4da3175320dff7b4783a373c6ede87d20ca8caff6b21a3674610509c
- SHA512
  
  3cc83e48aa36129876fef5b734efdc7aa35197b36fcc66840c4605dadab5b61159269a71e33425bb1c2f3bda2ae0f49666dca619fb399a10f7dd647c7cb94564
- SSDEEP
  
  3072:DubgnBkFAuzvIIMglu8Ibx5xQmQHL8SVZZRa6M8qTYvKRLl06XvthablD3b4OU4M:6bkiKUI1BBx5x8BFRa6fUjrtiTb4pQ1Q
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2