strrat | 50138aa6c36152d659a239c8877faa875d18152fa56c63fada3fc8a69d0719bf | Triage

Sharing

General

Target

50138aa6c36152d659a239c8877faa875d18152fa56c63fada3fc8a69d0719bf.jar
Size

216KB
Sample

240510-knbqdage86
MD5

d553f70a48745ac7fd556cfa45efbc9c
SHA1

f4fb627758fb70518a2fb6a89be2ff3ea40241f8
SHA256

50138aa6c36152d659a239c8877faa875d18152fa56c63fada3fc8a69d0719bf
SHA512

7e6aceae21bd99063d870e61dcbe39c6f19adfa4268bf91734953119a6a78428d6c1e3f44d40c56ed0cfae2df023ea8a60b09ed2acf48bc722dcd7a2d82933c2
SSDEEP

6144:8qnzpwCDhLMFZOo5WK9+TkfFNkW00canghqSiqnXrrzGFA:XzpQZFkgtNwJkgMYXrB

Score

10^/10

strrat discovery execution persistence stealer trojan

Malware Config

Targets

- Target
  
  50138aa6c36152d659a239c8877faa875d18152fa56c63fada3fc8a69d0719bf.jar
- Size
  
  216KB
- MD5
  
  d553f70a48745ac7fd556cfa45efbc9c
- SHA1
  
  f4fb627758fb70518a2fb6a89be2ff3ea40241f8
- SHA256
  
  50138aa6c36152d659a239c8877faa875d18152fa56c63fada3fc8a69d0719bf
- SHA512
  
  7e6aceae21bd99063d870e61dcbe39c6f19adfa4268bf91734953119a6a78428d6c1e3f44d40c56ed0cfae2df023ea8a60b09ed2acf48bc722dcd7a2d82933c2
- SSDEEP
  
  6144:8qnzpwCDhLMFZOo5WK9+TkfFNkW00canghqSiqnXrrzGFA:XzpQZFkgtNwJkgMYXrB
Score

10^/10

execution strrat discovery persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

strratdiscoveryexecutionpersistencestealertrojan