strrat | c4acaaf51b789c246dc51d925ee92f8e0af9019da7385b8b4b127fca43fbb81d | Triage

Sharing

General

Target

b2097471ac7d4e8304a119e815ac5261_JaffaCakes118
Size

102KB
Sample

240404-h22gvahb3s
MD5

b2097471ac7d4e8304a119e815ac5261
SHA1

c23236d1b2bd3e6925a59d084d2bac275ea0b484
SHA256

c4acaaf51b789c246dc51d925ee92f8e0af9019da7385b8b4b127fca43fbb81d
SHA512

735d716638e5476cbbe038cb77aa98b77263004ecb27f7aa55c5c6b36030032aa20a59f22aeb262965e41b8e1bcf22d235f45f11863717c62423ee934de03bc9
SSDEEP

1536:ddAewzYpcmCIE7/d8CC9odgo08E1fl3VLIjo1S8mfaEh7FT8VYclwDu2d:zAewzChPWC9oqoENIGS7LNFTPcu6u

Score

10^/10

strrat discovery

Malware Config

Extracted

Family

strrat

C2

173.209.48.226:5050

nightwolf.workisboring.com:4040

Attributes

license_id
EX1S-4U37-B1T8-TB2H-0ITG
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  b2097471ac7d4e8304a119e815ac5261_JaffaCakes118
- Size
  
  102KB
- MD5
  
  b2097471ac7d4e8304a119e815ac5261
- SHA1
  
  c23236d1b2bd3e6925a59d084d2bac275ea0b484
- SHA256
  
  c4acaaf51b789c246dc51d925ee92f8e0af9019da7385b8b4b127fca43fbb81d
- SHA512
  
  735d716638e5476cbbe038cb77aa98b77263004ecb27f7aa55c5c6b36030032aa20a59f22aeb262965e41b8e1bcf22d235f45f11863717c62423ee934de03bc9
- SSDEEP
  
  1536:ddAewzYpcmCIE7/d8CC9odgo08E1fl3VLIjo1S8mfaEh7FT8VYclwDu2d:zAewzChPWC9oqoENIGS7LNFTPcu6u
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2