strrat | 1dfd81ebae1060bb1437f7083e287a74cdc72c5f667b851b6956580d928d8691 | Triage

Sharing

General

Target

1dfd81ebae1060bb1437f7083e287a74cdc72c5f667b851b6956580d928d8691.jar
Size

66KB
Sample

240410-bmrwjaeg7s
MD5

693f550992179d007e13d68d24f54c2e
SHA1

794c4bd6c87f9edcd5f73e9d0f97c2879c2a53ec
SHA256

1dfd81ebae1060bb1437f7083e287a74cdc72c5f667b851b6956580d928d8691
SHA512

47da4d2415f8c16d46bdea769f7ab17164460c641b014a8741bab3a1f09b50a01edee418e8939f44f6e0f24fe518983ae1846ca01190ce13c63494cc9214297e
SSDEEP

1536:OQAvsUq9hJrNB5mtCnZ+N+UAzDCb6ixMvNOeN:OzvG3JrsUn66COimRN

Score

10^/10

strrat discovery

Malware Config

Extracted

Family

strrat

C2

elastsolek21.duckdns.org:4781

zekeriyasolek45.duckdns.org:4781

Attributes

license_id
WFC9-W4KB-388F-9KY1-S6JV
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  1dfd81ebae1060bb1437f7083e287a74cdc72c5f667b851b6956580d928d8691.jar
- Size
  
  66KB
- MD5
  
  693f550992179d007e13d68d24f54c2e
- SHA1
  
  794c4bd6c87f9edcd5f73e9d0f97c2879c2a53ec
- SHA256
  
  1dfd81ebae1060bb1437f7083e287a74cdc72c5f667b851b6956580d928d8691
- SHA512
  
  47da4d2415f8c16d46bdea769f7ab17164460c641b014a8741bab3a1f09b50a01edee418e8939f44f6e0f24fe518983ae1846ca01190ce13c63494cc9214297e
- SSDEEP
  
  1536:OQAvsUq9hJrNB5mtCnZ+N+UAzDCb6ixMvNOeN:OzvG3JrsUn66COimRN
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2