strrat | 39694a390267d62c814460cb461426a78d3d43a701f5877896c8cbec48c7827d | Triage

Sharing

General

Target

39694a390267d62c814460cb461426a78d3d43a701f5877896c8cbec48c7827d
Size

64KB
Sample

240428-vbge7scb78
MD5

5d16505a5abfcfc99095a676f1f0bd64
SHA1

facfb1f1014ba5f8c8618678a1a9a7f5bf5c35e5
SHA256

39694a390267d62c814460cb461426a78d3d43a701f5877896c8cbec48c7827d
SHA512

a49885eb60f6429c1247ae44bcf806836031a7191078a3b14b47c26b577bd2824d64ab17df8244361e114235600043188eae2794f58f299094976682865dc2cb
SSDEEP

1536:UNWRlwUsz/P+zKG2X2CWYqLvSUWD+YBFBbOl+H/Zm:UNisz/6YriYFfH/Zm

Score

10^/10

strrat discovery persistence stealer trojan

Malware Config

Extracted

Family

strrat

C2

elastsolek21.duckdns.org:4781

zekeriyasolek45.duckdns.org:4781

Attributes

license_id
WFC9-W4KB-388F-9KY1-S6JV
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  39694a390267d62c814460cb461426a78d3d43a701f5877896c8cbec48c7827d
- Size
  
  64KB
- MD5
  
  5d16505a5abfcfc99095a676f1f0bd64
- SHA1
  
  facfb1f1014ba5f8c8618678a1a9a7f5bf5c35e5
- SHA256
  
  39694a390267d62c814460cb461426a78d3d43a701f5877896c8cbec48c7827d
- SHA512
  
  a49885eb60f6429c1247ae44bcf806836031a7191078a3b14b47c26b577bd2824d64ab17df8244361e114235600043188eae2794f58f299094976682865dc2cb
- SSDEEP
  
  1536:UNWRlwUsz/P+zKG2X2CWYqLvSUWD+YBFBbOl+H/Zm:UNisz/6YriYFfH/Zm
Score

10^/10

strrat persistence stealer trojan discovery
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Drops startup file
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

strratpersistencestealertrojan

behavioral2

strratdiscoverypersistencestealertrojan

behavioral3

strratdiscoverypersistencestealertrojan

behavioral4

strratdiscoverypersistencestealertrojan