strrat | eb32e9398f56cbe2b3f0a1d827808e9252db0d91fa6c477c773500af733d4ca3 | Triage

Sharing

General

Target

eb3d619cba462d77977690934d4cb413_JaffaCakes118
Size

99KB
Sample

240410-reakaaad55
MD5

eb3d619cba462d77977690934d4cb413
SHA1

9d60b4ab4cda0c6693de417dbb2db72c95a73663
SHA256

eb32e9398f56cbe2b3f0a1d827808e9252db0d91fa6c477c773500af733d4ca3
SHA512

f20b3a6bbff91699485e8866dd5d4ab59cc7cf4645ee2f147185fd3449db361afa9fabfa83e86b614ddbea13d50444d944d519a3f57e7884f45a61095156d23c
SSDEEP

1536:i36NYptd54f5fLZZaSF7dnxrzwufJO/Tg7b98KChFkiPVpg3dmI:i3Sstd5MfL/F75hU/T7KChFtPVpgV

Score

10^/10

strrat discovery

Malware Config

Extracted

Family

strrat

C2

103.156.90.52:4292

127.0.0.1:4292

Attributes

license_id
61DP-MVTK-7F5S-QIGT-AV1H
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  eb3d619cba462d77977690934d4cb413_JaffaCakes118
- Size
  
  99KB
- MD5
  
  eb3d619cba462d77977690934d4cb413
- SHA1
  
  9d60b4ab4cda0c6693de417dbb2db72c95a73663
- SHA256
  
  eb32e9398f56cbe2b3f0a1d827808e9252db0d91fa6c477c773500af733d4ca3
- SHA512
  
  f20b3a6bbff91699485e8866dd5d4ab59cc7cf4645ee2f147185fd3449db361afa9fabfa83e86b614ddbea13d50444d944d519a3f57e7884f45a61095156d23c
- SSDEEP
  
  1536:i36NYptd54f5fLZZaSF7dnxrzwufJO/Tg7b98KChFkiPVpg3dmI:i3Sstd5MfL/F75hU/T7KChFtPVpgV
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2