strrat | a98d9028b8f90a56e17743affb17f3ad95585e35c225714bec021330f7b9b2bd | Triage

Sharing

General

Target

a98d9028b8f90a56e17743affb17f3ad95585e35c225714bec021330f7b9b2bd.zip
Size

482KB
Sample

240510-mm98nahf7t
MD5

cc35cd6848b337e11d8c906599f5c1a7
SHA1

d58ad22a32e2240aee30bbbd02c1fbda64214369
SHA256

a98d9028b8f90a56e17743affb17f3ad95585e35c225714bec021330f7b9b2bd
SHA512

0e28b92d54b27c5bca2c6a84a9f6b36a97a709844c8d8ef0100e5d3549519dae15a6235e7b9d9e8f749c85222b87cd27a5b6ba3cfb47c28f2d8dd7ce1f8d64e5
SSDEEP

6144:xCcYtxy9vu6UAk6HguituQ/Wc1ca2J511r4LrjGzcJw4s9KkMz85GAz4:lIyYhZujQ51iJn1r4qzcJL6KkMz85Jz4

Score

10^/10

strrat discovery persistence stealer trojan

Malware Config

Targets

- Target
  
  a98d9028b8f90a56e17743affb17f3ad95585e35c225714bec021330f7b9b2bd.zip
- Size
  
  482KB
- MD5
  
  cc35cd6848b337e11d8c906599f5c1a7
- SHA1
  
  d58ad22a32e2240aee30bbbd02c1fbda64214369
- SHA256
  
  a98d9028b8f90a56e17743affb17f3ad95585e35c225714bec021330f7b9b2bd
- SHA512
  
  0e28b92d54b27c5bca2c6a84a9f6b36a97a709844c8d8ef0100e5d3549519dae15a6235e7b9d9e8f749c85222b87cd27a5b6ba3cfb47c28f2d8dd7ce1f8d64e5
- SSDEEP
  
  6144:xCcYtxy9vu6UAk6HguituQ/Wc1ca2J511r4LrjGzcJw4s9KkMz85GAz4:lIyYhZujQ51iJn1r4qzcJL6KkMz85Jz4
Score

10^/10

strrat discovery persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

strratdiscoverypersistencestealertrojan