strrat | 8ecee4c88a8b20cc9c9f2a98ad6ba67f917a1bb9577d5cdf3f950b5eb47807c2 | Triage

Sharing

General

Target

f446459e4d64f4d58987cb5cdb1c150e.jar
Size

64KB
Sample

240423-lml1dsfb9v
MD5

f446459e4d64f4d58987cb5cdb1c150e
SHA1

68c68ec9b4c15f27fd2b0ee0fa0199a126a410cd
SHA256

8ecee4c88a8b20cc9c9f2a98ad6ba67f917a1bb9577d5cdf3f950b5eb47807c2
SHA512

5148443470f8bd7c9878278f48b785ae2102d3028da0f232ba425168efedd59526af0fde72767ba07b90fb9f6ed384e1f3d2417103878eb7fb9c72ede99474ef
SSDEEP

1536:YobZK2CD2XJ1JvRVuHlKbfGLKA1+lqSw3yGxVnjmIQMXtne:7M2blvRIHl1TxD1nag9ne

Score

10^/10

strrat discovery persistence stealer trojan

Malware Config

Extracted

Family

strrat

C2

elastsolek21.duckdns.org:4781

zekeriyasolek45.duckdns.org:4781

Attributes

license_id
WFC9-W4KB-388F-9KY1-S6JV
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  f446459e4d64f4d58987cb5cdb1c150e.jar
- Size
  
  64KB
- MD5
  
  f446459e4d64f4d58987cb5cdb1c150e
- SHA1
  
  68c68ec9b4c15f27fd2b0ee0fa0199a126a410cd
- SHA256
  
  8ecee4c88a8b20cc9c9f2a98ad6ba67f917a1bb9577d5cdf3f950b5eb47807c2
- SHA512
  
  5148443470f8bd7c9878278f48b785ae2102d3028da0f232ba425168efedd59526af0fde72767ba07b90fb9f6ed384e1f3d2417103878eb7fb9c72ede99474ef
- SSDEEP
  
  1536:YobZK2CD2XJ1JvRVuHlKbfGLKA1+lqSw3yGxVnjmIQMXtne:7M2blvRIHl1TxD1nag9ne
Score

10^/10

strrat persistence stealer trojan discovery
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Drops startup file
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

strratpersistencestealertrojan

behavioral2

strratdiscoverypersistencestealertrojan