strrat | 63262891ac6fefea1093be2f08c838661d2d5894f3b6c293ace8ca8767b7648d | Triage

Sharing

General

Target

63262891ac6fefea1093be2f08c838661d2d5894f3b6c293ace8ca8767b7648d.jar
Size

172KB
Sample

240403-bsbrhabf7w
MD5

6be27e5e3901ee3d96af16033fc38225
SHA1

d91f834305d126f0ac2ec29f97fb7c72392135d9
SHA256

63262891ac6fefea1093be2f08c838661d2d5894f3b6c293ace8ca8767b7648d
SHA512

a35dacaea62be75c2e83591b9115ecef9f4ef1117c942679f640d64f9bdc3388ac240272901d6b4abb94a666da79f0ddc99a2557cbd194f71d7fd7a663668118
SSDEEP

3072:3iVaVsGjCCBAexRY7hPGj0MdPnjwE1CXW64Ke6yLohgoHFpjpIU630WGLGB6nOc6:SVaVsecORYwd/jwE2/LyEguHv+0CB6BQ

Score

10^/10

strrat discovery

Malware Config

Extracted

Family

strrat

C2

elastsolek22.duckdns.org:4718

zekeriyasolek45.duckdns.org:4718

Attributes

license_id
WFC9-W4KB-388F-9KY1-S6JV
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  63262891ac6fefea1093be2f08c838661d2d5894f3b6c293ace8ca8767b7648d.jar
- Size
  
  172KB
- MD5
  
  6be27e5e3901ee3d96af16033fc38225
- SHA1
  
  d91f834305d126f0ac2ec29f97fb7c72392135d9
- SHA256
  
  63262891ac6fefea1093be2f08c838661d2d5894f3b6c293ace8ca8767b7648d
- SHA512
  
  a35dacaea62be75c2e83591b9115ecef9f4ef1117c942679f640d64f9bdc3388ac240272901d6b4abb94a666da79f0ddc99a2557cbd194f71d7fd7a663668118
- SSDEEP
  
  3072:3iVaVsGjCCBAexRY7hPGj0MdPnjwE1CXW64Ke6yLohgoHFpjpIU630WGLGB6nOc6:SVaVsecORYwd/jwE2/LyEguHv+0CB6BQ
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2